Re: Disabling VTP

From: Godswill Oletu (oletu@inbox.lv)
Date: Mon Oct 16 2006 - 02:14:01 ART


As Victor has stated, setting the trunking mode to 'nonegotiate' and
configuring VTP transparent mode is the best option. There has been a thread
on this in the past, check the archives.

Filtering with an ACL at best will only prevent VTP from working; it will
not disable it.

HTH

Godswill Oletu
CCIE #16464 (R&S)

----- Original Message -----
From: "Victor Cappuccio" <cvictor@protokolgroup.com>
To: "'Jordan Gottlieb'" <thelieber@gmail.com>; "'CharlesB'"
<cbalik@adelphia.net>
Cc: "'Adam Frederick'" <AFrederick@homefederalbank.com>;
<ccielab@groupstudy.com>
Sent: Monday, October 16, 2006 12:32 AM
Subject: RE: Disabling VTP

> Hi Erez, Congratulations on your Digits!!
>
> But back to the post.
>
> DTP has something to do with VTP
>
> From the same link you sent http://www.cisco.com/warp/public/473/21.html
> Says "
> Dynamic Trunking Protocol (DTP) sends the VTP domain name in a DTP packet.
> Therefore, if you have two ends of a link that belong to different VTP
> domains, the trunk does not come up if you use DTP. In this special case,
> you must configure the trunk mode as on or nonegotiate, on both sides, in
> order to allow the trunk to come up without DTP negotiation agreement.
> "
>
> I would agree with Adam here, In setting the Switch to Transparent to avoid
> sending VTP Messages over the trunk ports.
>
> Please look at the following output in detail, I would not think that the
> mac access-list idea could work, but I would test that out tomorrow with a
> couple of real 3550, since I'm playing now with Dynamips with an IOS of a
> 3640 with a NM-16ESW.
>
> Sw2(vlan)#vtp server
> Setting device to VTP SERVER mode.
> Sw2(vlan)#
> *Mar 1 00:04:16.155: VTP LOG RUNTIME: Transmit vtp summary, domain CISCO, rev 0, followers 1
> MD5 digest calculated = 00 31 17 6B 64 9D 1A 91 56 96 10 B4 FF 9D FC 23
>
> Sw2(vlan)#vtp transparent
> Setting device to VTP TRANSPARENT mode.
> Sw2(vlan)#vtp server
> Setting device to VTP SERVER mode.
> Sw2(vlan)#
> *Mar 1 00:04:39.855: VTP LOG RUNTIME: Transmit vtp summary, domain CISCO, rev 0, followers 1
> MD5 digest calculated = 00 31 17 6B 64 9D 1A 91 56 96 10 B4 FF 9D FC 23
> Sw2(vlan)#
>
>
> Please see that the time the First VTP Summary Message was sent out was
> 00:4:16 and I configured the switch to be in VTP Transparent mode for a
> short while and set it back to VTP Server. See the VTP summary now being
> sent out (0.4.39)
>
> Congratulations again,
> Saludos,
> Victor.-
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Jordan Gottlieb
> Sent: Sunday, October 15, 2006 11:32 PM
> To: CharlesB
> CC: Adam Frederick; ccielab@groupstudy.com
> Subject: Re: Disabling VTP
>
> From http://www.cisco.com/warp/public/473/21.html:
>
> "VTP packets are sent in either Inter-Switch Link (ISL) frames or in IEEE
> 802.1Q (dot1q) frames. These packets are sent to the destination MAC address
> 01-00-0C-CC-CC-CC with a logical link control (LLC) code of Subnetwork
> Access Protocol (SNAP) (AAAA) and a type of 2003 (in the SNAP header)."
>
> You should be able to configure a Name MAC Extended ACL filter. (
> http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225see/scg/swacl.htm#wp1177176)
> this on the respective port. I have not tried this...But I believe it will
> probably work.
>
> I must caution people not to confuse DTP with VTP. The switchport
> nonegotiate command is a DTP disable command (nothing to do with VTP).
>
> Hope this helps. BTW... I passed my lab a week ago this past Thursday in
> San Jose. Hope this input (and future to come) helps repay some of the benefit
> I have obtained from this board.
>
> Erez Jordan Gottlieb
> CCIE #17010
>
>
>
> On 10/15/06, CharlesB <cbalik@adelphia.net> wrote:
> >
> > I assume since VTP runs on the trunks ports, getting the interface out of
> > trunk mode would solve the issue.
> >
> > sw1#sh vtp cou
> > sw1#sh vtp counters
> > VTP statistics:
> > Summary advertisements received : 0
> > Subset advertisements received : 0
> > Request advertisements received : 0
> > Summary advertisements transmitted : 0
> > Subset advertisements transmitted : 0
> > Request advertisements transmitted : 0
> > Number of config revision errors : 0
> > Number of config digest errors : 0
> > Number of V1 summary errors : 0
> >
> >
> > VTP pruning statistics:
> >
> > Trunk            Join Transmitted Join Received    Summary advts received from
> >                                                    non-pruning-capable device
> > ---------------- ---------------- ---------------- ---------------------------
> > Fa0/13           0                0                0
> > Fa0/14           0                0                0
> > Fa0/15           0                0                0
> > Fa0/24           0                0                0------------------> check it out
> >
> >
> >
> >
> > s1#interface FastEthernet0/24
> > switchport mode dynamic desirable
> >
> >
> >
> > Since it is in desirable mode, it negotiates the trunk status with the
> > other link, but if it is a switchport, the vtp counters do not list it
> > anymore.
> >
> > sw1(config)#inter fas0/24
> > sw1(config-if)#sw
> > sw1(config-if)#switchport mode acc
> > sw1(config-if)#end
> > sw1#sh
> > 10w2d: %SYS-5-CONFIG_I: Configured from console by conssh vtp counters
> > VTP statistics:
> > Summary advertisements received : 0
> > Subset advertisements received : 0
> > Request advertisements received : 0
> > Summary advertisements transmitted : 0
> > Subset advertisements transmitted : 0
> > Request advertisements transmitted : 0
> > Number of config revision errors : 0
> > Number of config digest errors : 0
> > Number of V1 summary errors : 0
> >
> >
> > VTP pruning statistics:
> >
> > Trunk            Join Transmitted Join Received    Summary advts received from
> >                                                    non-pruning-capable device
> > ---------------- ---------------- ---------------- ---------------------------
> > Fa0/13           0                0                0
> > Fa0/14           0                0                0
> > Fa0/15           0                0                0
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > Adam Frederick
> > Sent: Sunday, October 15, 2006 6:15 PM
> > To: ccielab@groupstudy.com
> > Subject: Disabling VTP
> >
> >
> > Group
> >
> > I am working on a practice lab that utilizes 2x3550's & calls for disabling
> > VTP on the fastethernet interfaces. I have searched and searched and
> > haven't seen that it is possible to disable VTP on a per-interface basis, is
> > this correct? I think the solution is to change VTP to transparent since
> > the gigabit ports are not being utilized at all in the practice lab. Could
> > someone confirm this?
> >
> > Thanks,
> > Adam
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Wed Nov 01 2006 - 07:29:05 ART
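
The framing quoted in the thread (destination MAC 01-00-0C-CC-CC-CC, LLC/SNAP AAAA, type 2003) differs from other Cisco control protocols on the same address only in the SNAP type, so a MAC filter has to match that field to single out VTP. The following is an added example, not part of the thread: a Python classifier run over constructed frames. The CDP, DTP, PAgP and UDLD type values and all function names are additions here, and ISL encapsulation is not handled.

```python
import struct

CISCO_MCAST = bytes.fromhex("01000ccccccc")  # destination MAC quoted in the thread
LLC_SNAP = bytes.fromhex("aaaa03")           # DSAP AA, SSAP AA, control 03
CISCO_OUI = bytes.fromhex("00000c")
# SNAP types behind the same destination MAC. 0x2003 is from the thread; the
# other values are not on the page and are added here for contrast.
SNAP_TYPES = {0x2000: "CDP", 0x2003: "VTP", 0x2004: "DTP",
              0x0104: "PAgP", 0x0111: "UDLD"}


def classify(frame: bytes) -> str:
    """Name the Cisco L2 protocol in an Ethernet frame (ISL is not handled)."""
    if len(frame) < 14:
        return "truncated"
    offset, (length,) = 14, struct.unpack("!H", frame[12:14])
    if length == 0x8100:                     # 802.1Q tag: real length follows
        if len(frame) < 18:
            return "truncated"
        offset, (length,) = 18, struct.unpack("!H", frame[16:18])
    if frame[0:6] != CISCO_MCAST or length > 1500:  # >1500 is an EtherType
        return "other"
    if len(frame) < offset + 8:
        return "truncated"
    if frame[offset:offset + 6] != LLC_SNAP + CISCO_OUI:
        return "other"
    (pid,) = struct.unpack("!H", frame[offset + 6:offset + 8])
    return SNAP_TYPES.get(pid, "unknown-0x%04x" % pid)


def build(pid: int, vlan=None, dst: bytes = CISCO_MCAST) -> bytes:
    """Construct a sample frame (test data made up here, not a capture)."""
    body = LLC_SNAP + CISCO_OUI + struct.pack("!H", pid) + b"\x00" * 8
    header = dst + bytes.fromhex("001122334455")
    if vlan is not None:
        header += struct.pack("!HH", 0x8100, vlan)
    return header + struct.pack("!H", len(body)) + body


def filter_report(frames):
    """What a destination-MAC-only match hits vs. MAC plus SNAP type 0x2003."""
    names = [classify(f) for f in frames]
    mac_only = [n for f, n in zip(frames, names) if f[0:6] == CISCO_MCAST]
    return mac_only, [n for n in names if n == "VTP"]


if __name__ == "__main__":
    sample = [build(0x2003), build(0x2004), build(0x2000), build(0x2003, vlan=1)]
    print(filter_report(sample))
```

A filter keyed only on the destination MAC would also catch the DTP and CDP frames in the sample, which is the DTP/VTP confusion the thread cautions against.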