Re: block DTP

From: CCIE 4 Me (ccie4me@inbox.lv)
Date: Sun Mar 12 2006 - 11:10:58 GMT-3

I concord, setting the port to access mode and disabling negotiation on the
ports should be enough to disable VTP&DTP on the ports. Configuring VTP
Transparent mode will only be needed if the question was sometime like
'disable vtp&dtp on the switch'. VTP deals with replication of VLAN
information across the switch network and that only take place over trunk
ports.

----- Original Message -----
From: "Victor Cappuccio" <cvictor@protokolgroup.com>
To: "Mushtaq A. Khan" <mak.ccie2b@gmail.com>
Cc: <jnkmail4eva@yahoo.com>; <ccielab@groupstudy.com>
Sent: Sunday, March 12, 2006 12:23 AM
Subject: Re: block DTP

> I thought that only VTP Exchange Messages where sent to trunk ports??
>
>
> Mushtaq A. Khan escribis:
> > On Non Trunk ports only "Switchport mode access" will disable the DTP.
To
> > disable VTP traffic, you'll need to configure "VTP Transparent" on both
> > switches. "Switchport nonegotiate" can be used on trunk ports to disable
> > autonegotiation.
> >
> > *NON-TRUNK PORT:*
> > sw2#sh int f1/0/7 switch | inc Negotiation
> > *Negotiation of Trunking: On*
> > sw2(config)#int f1/0/7
> > sw2(config-if)#sw mod acc
> > sw2(config-if)#end
> > sw2#sh int f1/0/7 switch | inc Negotiation
> > *Negotiation of Trunking: Off*
> >
> > **
> > *TRUNK PORT:*
> > sw2#sh int f1/0/23 switchport
> > Name: Fa1/0/23
> > Switchport: Enabled
> > Administrative Mode: trunk
> > Operational Mode: trunk
> > Administrative Trunking Encapsulation: isl
> > Operational Trunking Encapsulation: isl
> > *Negotiation of Trunking: On*
> > Access Mode VLAN: 1 (default)
> > Trunking Native Mode VLAN: 1 (default)
> > Administrative Native VLAN tagging: enabled
> > Voice VLAN: none
> > ....
> >
> > sw2(config)#int f1/0/23
> > sw2(config-if)# sw nonegotiate
> > sw2(config-if)#end
> > sw2#sh int f1/0/23 switchport
> > 1w1d: %SYS-5-CONFIG_I: Configured from console by console
> > sw2#sh int f1/0/23 switchport
> > Name: Fa1/0/23
> > Switchport: Enabled
> > Administrative Mode: trunk
> > Operational Mode: trunk
> > Administrative Trunking Encapsulation: isl
> > Operational Trunking Encapsulation: isl
> > *Negotiation of Trunking: Off*
> > Access Mode VLAN: 1 (default)
> > Trunking Native Mode VLAN: 1 (default)
> > Administrative Native VLAN tagging: enabled
> > Voice VLAN: none
> > ....
> >
> > HTH,
> > Mushtaq
> >
> > On 3/11/06, jnkmail4eva@yahoo.com <jnkmail4eva@yahoo.com> wrote:
> >
> >> What if port f0/5 to f/10 are not trunk ports but access ports.
> >> Question states that to block all vtp and dtp broadcast traffic on the
> >> above listed ports.
> >>
> >> so th following should work
> >>
> >> interface range f0/5 - 10
> >> switchport mode acess
> >> switchport trunk non-negotiate
> >>
> >>
> >> and since these ports are not trunk ports, they will not broadcast any
vtp
> >> traffic.
> >>
> >> Am I right in my solution ?
> >> Please advice.
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Sat Apr 01 2006 - 10:07:38 GMT-3