Re: Disabling VTP

From: Jordan Gottlieb (thelieber@gmail.com)
Date: Mon Oct 16 2006 - 11:45:37 ART


I missed the VTP component within DTP (I back down from my "All Encompassing"
comment). Still, one can disable DTP and have VTP functioning (I have
not actually tried this. Please correct me if I am wrong). Though, I
agree that the "CCIE lab" answer is probably the one involving going
transparent. My experience with the lab is to not overanalyze the problem
presented. Though it seems I have forgotten those lessons rather quickly.
: )

My solution attempted to address the original question of how to disable VTP on
specific ports (though technically you are just crippling it). Though it is
probably not directly useful for CCIE candidates, going down the "Rabbit
Hole" like I did is useful to get a better understanding of the individual
technologies (VTP and DTP in this case).

Cheers (good thread),

Erez Jordan Gottlieb
CCIE #17010

On 10/16/06, Scott Smith <hioctane@gmail.com> wrote:
>
> A paraphrased quote from Cisco LAN Switching.
>
> "you cannot disable VTP, the only option is to use transparent mode"
>
> So if the task is only asking for you to disable VTP and DTP isn't
> mentioned I would use transparent mode and not mess with DTP. Just my
> .02 :-)
>
> --
> Scott
> CCIE #17040 (R&S)
>
>
> On 10/16/06, Godswill Oletu <oletu@inbox.lv> wrote:
> > As Victor has stated, setting the trunking mode to 'nonegotiate' and
> > configuring VTP transparent mode is the best option. There has been a
> > thread on this in the past, check the archives.
> >
> > Filtering with an ACL at best will only prevent VTP from working, it
> > will not disable it.
> >
> > HTH
> >
> > Godswill Oletu
> > CCIE #16464 (R&S)
> >
> >
> > ----- Original Message -----
> > From: "Victor Cappuccio" <cvictor@protokolgroup.com>
> > To: "'Jordan Gottlieb'" <thelieber@gmail.com>; "'CharlesB'"
> > <cbalik@adelphia.net>
> > Cc: "'Adam Frederick'" <AFrederick@homefederalbank.com>;
> > <ccielab@groupstudy.com>
> > Sent: Monday, October 16, 2006 12:32 AM
> > Subject: RE: Disabling VTP
> >
> >
> > > Hi Erez, Congratulations on your Digits!!
> > >
> > > But back to the post.
> > >
> > > DTP has something to do with VTP
> > >
> > > From the same link you sent, http://www.cisco.com/warp/public/473/21.html
> > > says:
> > > "
> > > Dynamic Trunking Protocol (DTP) sends the VTP domain name in a DTP
> > > packet. Therefore, if you have two ends of a link that belong to
> > > different VTP domains, the trunk does not come up if you use DTP. In this
> > > special case, you must configure the trunk mode as on or nonegotiate, on
> > > both sides, in order to allow the trunk to come up without DTP
> > > negotiation agreement.
> > > "
> > >
> > > I would agree with Adam here, in setting the switch to transparent to
> > > avoid sending VTP messages over the trunk ports.
> > >
> > > Please look at the following output in detail. I would not think that
> > > the mac access-list idea could work, but I would test that out tomorrow
> > > with a couple of real 3550s, since I'm playing now with Dynamips with an
> > > IOS of a 3640 with a NM-16ESW.
> > >
> > > Sw2(vlan)#vtp server
> > > Setting device to VTP SERVER mode.
> > > Sw2(vlan)#
> > > *Mar 1 00:04:16.155: VTP LOG RUNTIME: Transmit vtp summary, domain CISCO, rev 0, followers 1
> > > MD5 digest calculated = 00 31 17 6B 64 9D 1A 91 56 96 10 B4 FF 9D FC 23
> > >
> > > Sw2(vlan)#vtp transparent
> > > Setting device to VTP TRANSPARENT mode.
> > > Sw2(vlan)#vtp server
> > > Setting device to VTP SERVER mode.
> > > Sw2(vlan)#
> > > *Mar 1 00:04:39.855: VTP LOG RUNTIME: Transmit vtp summary, domain CISCO, rev 0, followers 1
> > > MD5 digest calculated = 00 31 17 6B 64 9D 1A 91 56 96 10 B4 FF 9D FC 23
> > > Sw2(vlan)#
> > >
> > >
> > > Please see that the time the First VTP Summary Message was sent out was
> > > 00:4:16 and I configured the switch to be in VTP Transparent mode for a
> > > short while and set it back to VTP Server. See the VTP summary now being
> > > sent out (0.4.39)
> > >
> > > Congratulations again,
> > > Regards,
> > > Victor.-
> > >
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On behalf of
> > > Jordan Gottlieb
> > > Sent: Sunday, October 15, 2006 11:32 p.m.
> > > To: CharlesB
> > > CC: Adam Frederick; ccielab@groupstudy.com
> > > Subject: Re: Disabling VTP
> > >
> > > From http://www.cisco.com/warp/public/473/21.html:
> > >
> > > VTP packets are sent in either Inter-Switch Link (ISL) frames or in IEEE
> > > 802.1Q (dot1q) frames. These packets are sent to the destination MAC
> > > address 01-00-0C-CC-CC-CC with a logical link control (LLC) code of
> > > Subnetwork Access Protocol (SNAP) (AAAA) and a type of 2003 (in the SNAP
> > > header).
> > >
> > > You should be able to configure a Name MAC Extended ACL filter.
> > > (http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225see/scg/swacl.htm#wp1177176)
> > > this on the respective port. I have not tried this...But I believe it
> > > will probably work.
> > >
> > > I must caution people not to confuse DTP with VTP. The switchport
> > > nonegotiate command is a DTP disable command (nothing to do with VTP).
> > >
> > > Hope this helps. BTW... I passed my lab a week ago this past Thursday in
> > > San Jose. Hope this input (and future to come) helps repay some of the
> > > benefit I have obtained from this board.
> > >
> > > Erez Jordan Gottlieb
> > > CCIE #17010
> > >
> > >
> > >
> > > On 10/15/06, CharlesB <cbalik@adelphia.net> wrote:
> > > >
> > > > I assume since VTP runs on the trunk ports, getting the interface out
> > > > of trunk mode would solve the issue.
> > > >
> > > > sw1#sh vtp cou
> > > > sw1#sh vtp counters
> > > > VTP statistics:
> > > > Summary advertisements received : 0
> > > > Subset advertisements received : 0
> > > > Request advertisements received : 0
> > > > Summary advertisements transmitted : 0
> > > > Subset advertisements transmitted : 0
> > > > Request advertisements transmitted : 0
> > > > Number of config revision errors : 0
> > > > Number of config digest errors : 0
> > > > Number of V1 summary errors : 0
> > > >
> > > >
> > > > VTP pruning statistics:
> > > >
> > > > Trunk            Join Transmitted Join Received    Summary advts received from
> > > >                                                    non-pruning-capable device
> > > > ---------------- ---------------- ---------------- ---------------------------
> > > > Fa0/13           0                0                0
> > > > Fa0/14           0                0                0
> > > > Fa0/15           0                0                0
> > > > Fa0/24           0                0                0  ------------------> check it out
> > > >
> > > >
> > > >
> > > >
> > > > s1#interface FastEthernet0/24
> > > > switchport mode dynamic desirable
> > > >
> > > >
> > > >
> > > > Since it is in desirable mode, it negotiates the trunk status with the
> > > > other link, but if it is a switchport, the vtp counters do not list it
> > > > anymore.
> > > >
> > > > sw1(config)#inter fas0/24
> > > > sw1(config-if)#sw
> > > > sw1(config-if)#switchport mode acc
> > > > sw1(config-if)#end
> > > > sw1#sh
> > > > 10w2d: %SYS-5-CONFIG_I: Configured from console by conssh vtp counters
> > > > VTP statistics:
> > > > Summary advertisements received : 0
> > > > Subset advertisements received : 0
> > > > Request advertisements received : 0
> > > > Summary advertisements transmitted : 0
> > > > Subset advertisements transmitted : 0
> > > > Request advertisements transmitted : 0
> > > > Number of config revision errors : 0
> > > > Number of config digest errors : 0
> > > > Number of V1 summary errors : 0
> > > >
> > > >
> > > > VTP pruning statistics:
> > > >
> > > > Trunk            Join Transmitted Join Received    Summary advts received from
> > > >                                                    non-pruning-capable device
> > > > ---------------- ---------------- ---------------- ---------------------------
> > > > Fa0/13           0                0                0
> > > > Fa0/14           0                0                0
> > > > Fa0/15           0                0                0
> > > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > > > Adam Frederick
> > > > Sent: Sunday, October 15, 2006 6:15 PM
> > > > To: ccielab@groupstudy.com
> > > > Subject: Disabling VTP
> > > >
> > > >
> > > > Group
> > > >
> > > > I am working on a practice lab that utilizes 2x3550's & calls for
> > > > disabling VTP on the fastethernet interfaces. I have searched and
> > > > searched and haven't seen that it is possible to disable VTP on a
> > > > per-interface basis, is this correct? I think the solution is to change
> > > > VTP to transparent since the gigabit ports are not being utilized at all
> > > > in the practice lab. Could someone confirm this?
> > > >
> > > > Thanks,
> > > > Adam
> > > >
> > > >
> _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
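
Added example (not part of the original thread or of any poster's message): a small decoder for the frame format quoted above, showing that VTP, DTP and CDP share the destination MAC 01-00-0C-CC-CC-CC and are told apart only by the SNAP type, and decoding a VTP summary advertisement like the one in the debug output. Assumptions: frames are untagged 802.3; the CDP and DTP type values and the summary field layout are supplied here rather than taken from the thread; all sample frames are constructed.

```python
import struct

CISCO_MCAST = bytes.fromhex("01000ccccccc")  # 01-00-0C-CC-CC-CC, quoted in the thread
# SNAP types: 0x2003 (VTP) is from the thread; the CDP and DTP values are added here.
SNAP_TYPES = {0x2000: "CDP", 0x2003: "VTP", 0x2004: "DTP"}

def classify(frame: bytes):
    """Name the Cisco SNAP protocol in an untagged 802.3 frame, else None."""
    if len(frame) < 22 or frame[:6] != CISCO_MCAST:
        return None
    # bytes 12-13: 802.3 length; 14-16: LLC AA AA 03; 17-19: OUI; 20-21: type
    if frame[14:17] != b"\xaa\xaa\x03" or frame[17:20] != b"\x00\x00\x0c":
        return None
    (snap_type,) = struct.unpack("!H", frame[20:22])
    return SNAP_TYPES.get(snap_type, "other")

def parse_vtp_summary(frame: bytes) -> dict:
    """Decode a VTP summary advertisement (code 0x01)."""
    if classify(frame) != "VTP":
        raise ValueError("not a VTP frame")
    body = frame[22:]
    if len(body) < 72 or body[1] != 0x01 or body[3] > 32:
        raise ValueError("not a well-formed summary advertisement")
    version, _code, followers, dlen = body[:4]
    (revision,) = struct.unpack("!I", body[36:40])
    return {"version": version, "followers": followers,
            "domain": body[4:4 + dlen].decode("ascii", "replace"),
            "revision": revision, "md5": body[56:72].hex(" ").upper()}

def build(snap_type: int, payload: bytes) -> bytes:
    """Constructed test frame; the source MAC is a made-up local address."""
    llc = b"\xaa\xaa\x03\x00\x00\x0c" + struct.pack("!H", snap_type)
    length = struct.pack("!H", len(llc) + len(payload))
    return CISCO_MCAST + bytes.fromhex("020000000001") + length + llc + payload

# Constructed samples. Domain, revision, followers and digest mirror the debug
# output quoted in the thread; updater identity and timestamp are filler.
DIGEST = bytes.fromhex("00 31 17 6B 64 9D 1A 91 56 96 10 B4 FF 9D FC 23")
VTP_FRAME = build(0x2003, bytes([1, 1, 1, 5]) + b"CISCO".ljust(32, b"\0")
                  + struct.pack("!I", 0) + bytes(4) + b"930301000416" + DIGEST)
DTP_FRAME = build(0x2004, bytes(8))  # payload not decoded here
CDP_FRAME = build(0x2000, bytes(8))  # payload not decoded here

if __name__ == "__main__":
    for f in (VTP_FRAME, DTP_FRAME, CDP_FRAME):
        print(f[:6].hex("-"), classify(f))  # same destination MAC, three protocols
    print(parse_vtp_summary(VTP_FRAME))
```

A filter that matches only on the destination MAC cannot separate these three protocols; telling them apart requires looking at the SNAP type.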



This archive was generated by hypermail 2.1.4 : Wed Nov 01 2006 - 07:29:05 ART