RE: block DTP

From: Nadeem Lughmani (lughmani@gmail.com)
Date: Sun Mar 12 2006 - 12:17:11 GMT-3

• Next message: James Ventre: "Re: block DTP"
• Previous message: Aaron T. Woland: "RE: CSA vs anti-virus, anti-spam, popup blockers, etc"
• Next in thread: Nadeem Lughmani: "RE: block DTP"
• Maybe reply: Nadeem Lughmani: "RE: block DTP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

What if the question asks to disable DTP and VTP on ports fa0/1-fa0/10.
I understand that just doing "sw mode acc" can disable CDP and VTP.
But what if later in the lab if one of these ports needs to be trunked, in
this case now vtp is not disabled.
In this case now we have to do "vtp mode tran" as vtp can only be
enabled/disabled per switch basis not per port basis.
Am I right?

Reg
Nadeem

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of CCIE
4 Me
Sent: Sunday, March 12, 2006 6:11 AM
To: Victor Cappuccio; Mushtaq A. Khan
Cc: jnkmail4eva@yahoo.com; ccielab@groupstudy.com
Subject: Re: block DTP

I concord, setting the port to access mode and disabling negotiation on the
ports should be enough to disable VTP&DTP on the ports. Configuring VTP
Transparent mode will only be needed if the question was sometime like
'disable vtp&dtp on the switch'. VTP deals with replication of VLAN
information across the switch network and that only take place over trunk
ports.

----- Original Message -----
From: "Victor Cappuccio" <cvictor@protokolgroup.com>
To: "Mushtaq A. Khan" <mak.ccie2b@gmail.com>
Cc: <jnkmail4eva@yahoo.com>; <ccielab@groupstudy.com>
Sent: Sunday, March 12, 2006 12:23 AM
Subject: Re: block DTP

> I thought that only VTP Exchange Messages where sent to trunk ports??
>
>
> Mushtaq A. Khan escribis:
> > On Non Trunk ports only "Switchport mode access" will disable the DTP.
To
> > disable VTP traffic, you'll need to configure "VTP Transparent" on
> > both switches. "Switchport nonegotiate" can be used on trunk ports
> > to disable autonegotiation.
> >
> > *NON-TRUNK PORT:*
> > sw2#sh int f1/0/7 switch | inc Negotiation *Negotiation of Trunking:
> > On* sw2(config)#int f1/0/7 sw2(config-if)#sw mod acc
> > sw2(config-if)#end sw2#sh int f1/0/7 switch | inc Negotiation
> > *Negotiation of Trunking: Off*
> >
> > **
> > *TRUNK PORT:*
> > sw2#sh int f1/0/23 switchport
> > Name: Fa1/0/23
> > Switchport: Enabled
> > Administrative Mode: trunk
> > Operational Mode: trunk
> > Administrative Trunking Encapsulation: isl Operational Trunking
> > Encapsulation: isl *Negotiation of Trunking: On* Access Mode VLAN: 1
> > (default) Trunking Native Mode VLAN: 1 (default) Administrative
> > Native VLAN tagging: enabled Voice VLAN: none ....
> >
> > sw2(config)#int f1/0/23
> > sw2(config-if)# sw nonegotiate
> > sw2(config-if)#end
> > sw2#sh int f1/0/23 switchport
> > 1w1d: %SYS-5-CONFIG_I: Configured from console by console sw2#sh int
> > f1/0/23 switchport
> > Name: Fa1/0/23
> > Switchport: Enabled
> > Administrative Mode: trunk
> > Operational Mode: trunk
> > Administrative Trunking Encapsulation: isl Operational Trunking
> > Encapsulation: isl *Negotiation of Trunking: Off* Access Mode VLAN:
> > 1 (default) Trunking Native Mode VLAN: 1 (default) Administrative
> > Native VLAN tagging: enabled Voice VLAN: none ....
> >
> > HTH,
> > Mushtaq
> >
> > On 3/11/06, jnkmail4eva@yahoo.com <jnkmail4eva@yahoo.com> wrote:
> >
> >> What if port f0/5 to f/10 are not trunk ports but access ports.
> >> Question states that to block all vtp and dtp broadcast traffic on
> >> the above listed ports.
> >>
> >> so th following should work
> >>
> >> interface range f0/5 - 10
> >> switchport mode acess
> >> switchport trunk non-negotiate
> >>
> >>
> >> and since these ports are not trunk ports, they will not broadcast
> >> any
vtp
> >> traffic.
> >>
> >> Am I right in my solution ?
> >> Please advice.
> >>
> >> ___________________________________________________________________
> >> ____ Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >
> > ____________________________________________________________________
> > ___ Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: James Ventre: "Re: block DTP"
• Previous message: Aaron T. Woland: "RE: CSA vs anti-virus, anti-spam, popup blockers, etc"
• Next in thread: Nadeem Lughmani: "RE: block DTP"
• Maybe reply: Nadeem Lughmani: "RE: block DTP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Apr 01 2006 - 10:07:38 GMT-3