RE: blocking VTP traffic

From: ccie2be (ccie2be@nyc.rr.com)
Date: Thu Apr 21 2005 - 16:44:52 GMT-3


Hey James,

That seems like good stuff to know for the lab.

Thanks a lot. While looking over that table I noticed that most of the
entries begin with 0180.c200.000x as seen below.

Do you know what that last digit represents?

  1 0180.c200.0001 STATIC CPU
  1 0180.c200.0002 STATIC CPU
  1 0180.c200.0003 STATIC CPU
  1 0180.c200.0004 STATIC CPU
  1 0180.c200.0005 STATIC CPU
  1 0180.c200.0006 STATIC CPU
  1 0180.c200.0007 STATIC CPU
  1 0180.c200.0008 STATIC CPU
  1 0180.c200.0009 STATIC CPU
  1 0180.c200.000a STATIC CPU
  1 0180.c200.000b STATIC CPU
  1 0180.c200.000c STATIC CPU
  1 0180.c200.000d STATIC CPU
  1 0180.c200.000e STATIC CPU
  1 0180.c200.000f STATIC CPU
  1 0180.c200.0010 STATIC CPU

At first I was thinking different vlans until I realized all these mac addr
are in the same vlan.

Any ideas?

Tim

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
James Ventre
Sent: Thursday, April 21, 2005 1:37 PM
To: ccielab@groupstudy.com
Subject: Re: blocking VTP traffic

>I take it that the first entry is the one for vtp, right?

In this instance yes, but don't count on that always being the case.
That's why I suggest you just memorize it.

>Besides that entry are there any others that are special? Like STP? DTP? CDP? HSRP? etc.?

802.1d BPDU = 0180.c200.0000
PVST BPDU (native vlan) = 0100.0ccc.cccd

You can calculate the one for the tagged PVST vlan ID ... check CCO for
that.

I'm sure there are more - but I can't remember them off the top of my
head.

Also keep in mind that CDP and VTP will use the same D-MAC. You block
one ..... and you might block the other - don't create your own "Rat
Holes" :)

James

ccie2be wrote:

  Hey James,
  
  Thanks for showing us that table. I take it that the first entry is the one
  for vtp, right?
  
  Besides that entry are there any others that are special? Like STP? DTP?
  CDP? HSRP? etc.?
  
  Thanks again, Tim
  
  -----Original Message-----
  From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
  James Ventre
  Sent: Thursday, April 21, 2005 12:39 PM
  To: ccielab@groupstudy.com
  Subject: Re: blocking VTP traffic
  
  You'll have to remember something about it .... one way or another.
  
  It's either how you figure it out (memorize the command and what to look
  for) or just memorize the MAC. But you've got 2 options.
  
  1. Remember that the multicast byte is turned on ... and the 2nd half is
  all c's.
  
  2. Figure it out from the below list.
  
  SWITCH>sh mac-address-table vl 1
  Mac Address Table
  -------------------------------------------
  
  Vlan Mac Address Type Ports
  ---- ----------- -------- -----
  1 0100.0ccc.cccc STATIC CPU
  1 0100.0ccc.cccd STATIC CPU
  1 0180.c200.0000 STATIC CPU
  1 0180.c200.0001 STATIC CPU
  1 0180.c200.0002 STATIC CPU
  1 0180.c200.0003 STATIC CPU
  1 0180.c200.0004 STATIC CPU
  1 0180.c200.0005 STATIC CPU
  1 0180.c200.0006 STATIC CPU
  1 0180.c200.0007 STATIC CPU
  1 0180.c200.0008 STATIC CPU
  1 0180.c200.0009 STATIC CPU
  1 0180.c200.000a STATIC CPU
  1 0180.c200.000b STATIC CPU
  1 0180.c200.000c STATIC CPU
  1 0180.c200.000d STATIC CPU
  1 0180.c200.000e STATIC CPU
  1 0180.c200.000f STATIC CPU
  1 0180.c200.0010 STATIC CPU
  1 ffff.ffff.ffff STATIC CPU
  
  James
  
  ccie2be wrote:
  
    Hey James,
    
    Let's suppose for a moment, someone taking the lab couldn't remember that
    mac address.
    
    How would they find it out? Check the config guide?
    
    Thx, Tim
    
    -----Original Message-----
    From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
    James Ventre
    Sent: Thursday, April 21, 2005 11:56 AM
    To: ccielab@groupstudy.com
    Subject: Re: blocking VTP traffic
    
    MAC ACL to block destination of: 01-00-0C-CC-CC-CC ??
    
    But on a lot of platforms MAC ACL's are only for NON IP traffic ... so
    be careful.
    
    James
  
    ccie2be wrote:
  
      Pankaj,
      
      I think the only way to do this would be by using a vlan acl.
      
      VTP traffic I believe is always carried in the management vlan which is
      vlan 1.
      
      The real issue I think is figuring out how to specify vtp traffic in the
      vlan map.
      
      Off-hand, I don't know how to specify vtp traffic but maybe there's a
      debug which could shine some light on this question.
      
      HTH, Tim
      
      -----Original Message-----
      From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
      Pankaj Madhukar Kulkarni
      Sent: Thursday, April 21, 2005 11:04 AM
      To: ccielab@groupstudy.com
      Subject: blocking VTP traffic
      
      Hi Group,
  
      If the question demands that all "VTP traffic should be blocked", does
      this require that both the switches be configured in the transparent
      mode???
  
      Regards,
      
      Pankaj K
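
The point made in the thread that CDP and VTP share the destination MAC 0100.0ccc.cccc, as an added example that is not part of the original messages: it classifies frames by their LLC/SNAP header and lists what a destination-MAC-only deny would drop together. The Cisco OUI, the SNAP protocol IDs and the sample frames are assumptions supplied here (constructed data), not values from the thread.

```python
import struct

CISCO_OUI = b"\x00\x00\x0c"
# Cisco SNAP protocol IDs: well-known values, assumed here, not from the thread
SNAP_PID = {0x2000: "CDP", 0x2003: "VTP", 0x2004: "DTP", 0x0111: "UDLD"}
SHARED_DMAC = bytes.fromhex("01000ccccccc")  # 0100.0ccc.cccc, from the thread


def cisco_dot(mac: bytes) -> str:
    """Render 6 bytes in the xxxx.xxxx.xxxx form the switch prints."""
    h = mac.hex()
    return ".".join(h[i:i + 4] for i in range(0, 12, 4))


def build_frame(dst: bytes, pid: int, payload: bytes = b"\x00" * 8) -> bytes:
    """Constructed 802.3 + LLC/SNAP frame (sample data, source MAC invented)."""
    src = bytes.fromhex("020000000001")
    body = b"\xaa\xaa\x03" + CISCO_OUI + struct.pack("!H", pid) + payload
    return dst + src + struct.pack("!H", len(body)) + body


def classify(frame: bytes) -> str:
    """Name the protocol from the SNAP header, not just the destination MAC."""
    if len(frame) < 22:
        return "too-short"
    length = struct.unpack("!H", frame[12:14])[0]
    if length > 1500:                      # an EtherType: Ethernet II, no LLC
        return "ethernet-ii"
    if frame[14:17] != b"\xaa\xaa\x03":    # LLC without SNAP, e.g. 802.1D BPDU
        return "llc-other"
    if frame[17:20] != CISCO_OUI:
        return "snap-other"
    pid = struct.unpack("!H", frame[20:22])[0]
    return SNAP_PID.get(pid, f"cisco-0x{pid:04x}")


def dropped_by_dmac_filter(frames, blocked=SHARED_DMAC):
    """Protocols that a destination-MAC-only deny would take out together."""
    return sorted({classify(f) for f in frames if f[:6] == blocked})


# Constructed samples: three protocols on the shared D-MAC, one on 0100.0ccc.cccd
SAMPLE = [build_frame(SHARED_DMAC, 0x2000), build_frame(SHARED_DMAC, 0x2003),
          build_frame(SHARED_DMAC, 0x2004),
          build_frame(bytes.fromhex("01000ccccccd"), 0x010b)]

if __name__ == "__main__":
    print(cisco_dot(SHARED_DMAC), "->", dropped_by_dmac_filter(SAMPLE))
```
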
      
 



This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:55:06 GMT-3