From: ccie2be (ccie2be@nyc.rr.com)
Date: Fri Apr 22 2005 - 08:56:50 GMT-3
You are absolutely correct that using an acl to block vtp doesn't make any
sense in the real world. But, like it or not, the Cisco lab doesn't care
about configurations that are "real world" or best practices.
This isn't the issue.
The original question was about how to block vtp, not how to disable vtp.
While the effect may be the same, the implementation is different.
Depending on the exact wording of the task, disabling vtp might not be an
acceptable option.
Just my .02 worth.
Tim
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of boby2kusa
Sent: Friday, April 22, 2005 1:55 AM
To: Todd.Osterberg@compucom.com; ccielab@groupstudy.com
Subject: Re: Blocking VTP traffic
Is everyone serious about creating a mac access list to block VTP????? VTP
Transparent does NOT send VTP advertisements and it ignores any received VTP
advertisements as well. If you do not believe me, make one a server and the
other transparent and see if the vlan database is exchanged.
The thought process here is not logical. Why would you configure both as
servers and have both switches exchange the vlan database through VTP and
then block it so they do not exchange the vlan database? It does not make
sense and it's NOT applied in the real world.
And look at this:
***
Disabling VTP (VTP Transparent Mode)
When you configure the switch for VTP transparent mode, VTP is disabled on
the switch. The switch does not send VTP updates and does not act on VTP
updates received from other switches. However, a VTP transparent switch
running VTP version 2 does forward received VTP advertisements on its trunk
links.
***
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225seb/scg/swvtp.htm#wp1035326
----- Original Message -----
From: <Todd.Osterberg@compucom.com>
To: <ccielab@groupstudy.com>
Sent: Thursday, April 21, 2005 2:55 PM
Subject: re: Blocking VTP traffic
> So, I lab'd up this discussion (config below) and didn't get the desired
> results.
>
> sw1 (gig0/1) ------ sw2 (gig0/1)
>
> Both switches are set to vtp server w/ vtp domain name of cisco. Once the
> initial config was done, I then created vlans on each switch to test that
> VTP was working properly. Once this was happy, I applied the mac
> access-group to sw1. I then created more vlans on sw2 and they were
> propagated to sw1. I've tried using the hex value and decimal value for the
> vtp ethertype but vtp is still propagating. I've also tried using the
> 0100.000c.cccc destination mac with the same results. Any ideas what I am
> missing?
>
> TIA,
>
> Todd
>
>
> sw1
> ------
> mac access-list extended block-vtp
>  deny any any 0x2003 0x0
>  permit any any
>
> interface GigabitEthernet0/1
>  mac access-group block-vtp in
This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:55:06 GMT-3