RE: Disabling VTP/DTP

From: Jay Hanke (Jay.Hanke@midwestwireless.com)
Date: Mon Oct 30 2006 - 11:12:35 ART


If I understand correctly switchport nonegotiate (and set to access)
should turn off DTP on the port. I tried this on a 3550 (Version
12.1(19)EA1a) but when I do a show dtp or show dtp interface the
interfaces still show up in the count or in the list respectively. If I
do a no switchport on the interface it is removed.

Does switchport nonegotiate turn off dtp for the interface or do I need
to do something in addition? Also, is the proper way to verify that DTP
is off to use show dtp interface?

Thanks,

Jay

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Godswill Oletu
Sent: Monday, October 16, 2006 7:59 PM
To: Scott Smith
Cc: Victor Cappuccio; Jordan Gottlieb; CharlesB; Adam Frederick;
ccielab@groupstudy.com
Subject: Re: Disabling VTP

Scott,

All that the text of that book you paraphrased is saying is that there is
no magical command like 'no vtp' or the like to disable VTP. If you can do
something else that will result in the absence or non-operation of VTP that
is likened to disabling it, then you have essentially disabled it and enabling
transparent mode will do that.

Godswill Oletu
CCIE #16464 (R&S).

----- Original Message -----
From: "Scott Smith" <hioctane@gmail.com>
To: "Godswill Oletu" <oletu@inbox.lv>
Cc: "Victor Cappuccio" <cvictor@protokolgroup.com>; "Jordan Gottlieb"
<thelieber@gmail.com>; "CharlesB" <cbalik@adelphia.net>; "Adam Frederick"
<AFrederick@homefederalbank.com>; <ccielab@groupstudy.com>
Sent: Monday, October 16, 2006 9:41 AM
Subject: Re: Disabling VTP

> A paraphrased quote from Cisco LAN Switching.
>
> "you cannot disable VTP, the only option is to use transparent mode"
>
> So if the task is only asking for you to disable VTP and DTP isn't
> mentioned I would use transparent mode and not mess with DTP. Just my
> .02 :-)
>
> --
> Scott
> CCIE #17040 (R&S)
>
>
> On 10/16/06, Godswill Oletu <oletu@inbox.lv> wrote:
> > As Victor has stated, setting the trunking mode to 'nonegotiate' and
> > configuring VTP transparent mode is the best option. There has been a thread
> > on this in the past, check the archives.
> >
> > Filtering with an ACL at best will only prevent VTP from working, it will
> > not disable it.
> >
> > HTH
> >
> > Godswill Oletu
> > CCIE #16464 (R&S)
> >
> >
> > ----- Original Message -----
> > From: "Victor Cappuccio" <cvictor@protokolgroup.com>
> > To: "'Jordan Gottlieb'" <thelieber@gmail.com>; "'CharlesB'"
> > <cbalik@adelphia.net>
> > Cc: "'Adam Frederick'" <AFrederick@homefederalbank.com>;
> > <ccielab@groupstudy.com>
> > Sent: Monday, October 16, 2006 12:32 AM
> > Subject: RE: Disabling VTP
> >
> >
> > > Hi Erez, Congratulations on your Digits!!
> > >
> > > But back to the post.
> > >
> > > DTP has something to do with VTP
> > >
> > > From the same link you sent http://www.cisco.com/warp/public/473/21.html
> > > Says "
> > > Dynamic Trunking Protocol (DTP) sends the VTP domain name in a DTP packet.
> > > Therefore, if you have two ends of a link that belong to different VTP
> > > domains, the trunk does not come up if you use DTP. In this special case,
> > > you must configure the trunk mode as on or nonegotiate, on both sides, in
> > > order to allow the trunk to come up without DTP negotiation agreement.
> > > "
> > >
> > > I would agree with Adam here, in setting the Switch to Transparent to avoid
> > > sending VTP Messages over the trunk ports.
> > >
> > > Please look at the following output in detail, I would not think that the
> > > mac access-list idea could work, but I would test that out tomorrow with a
> > > couple of real 3550, since I'm playing now with Dynamips with an IOS of a
> > > 3640 with a NM-16ESW.
> > >
> > > Sw2(vlan)#vtp server
> > > Setting device to VTP SERVER mode.
> > > Sw2(vlan)#
> > > *Mar 1 00:04:16.155: VTP LOG RUNTIME: Transmit vtp summary, domain CISCO, rev 0, followers 1
> > > MD5 digest calculated = 00 31 17 6B 64 9D 1A 91 56 96 10 B4 FF 9D FC 23
> > >
> > > Sw2(vlan)#vtp transparent
> > > Setting device to VTP TRANSPARENT mode.
> > > Sw2(vlan)#vtp server
> > > Setting device to VTP SERVER mode.
> > > Sw2(vlan)#
> > > *Mar 1 00:04:39.855: VTP LOG RUNTIME: Transmit vtp summary, domain CISCO, rev 0, followers 1
> > > MD5 digest calculated = 00 31 17 6B 64 9D 1A 91 56 96 10 B4 FF 9D FC 23
> > > Sw2(vlan)#
> > >
> > >
> > > Please see that the time the First VTP Summary Message was sent out was
> > > 00:4:16 and I configured the switch to be in VTP Transparent mode for a
> > > short while and set it back to VTP Server. See the VTP summary now being
> > > sent out (0.4.39)
> > >
> > > Congratulations again,
> > > Regards,
> > > Victor.-
> > >
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > > Jordan Gottlieb
> > > Sent: Sunday, October 15, 2006 11:32 p.m.
> > > To: CharlesB
> > > Cc: Adam Frederick; ccielab@groupstudy.com
> > > Subject: Re: Disabling VTP
> > >
> > > From http://www.cisco.com/warp/public/473/21.html:
> > >
> > > VTP packets are sent in either Inter-Switch Link (ISL) frames or in IEEE
> > > 802.1Q (dot1q) frames. These packets are sent to the destination MAC address
> > > 01-00-0C-CC-CC-CC with a logical link control (LLC) code of Subnetwork
> > > Access Protocol (SNAP) (AAAA) and a type of 2003 (in the SNAP header).
> > >
> > > You should be able to configure a Name MAC Extended ACL filter. (
> > > http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225see/scg/swacl.htm#wp1177176)
> > > this on the respective port. I have not tried this...But I believe it will
> > > probably work.
> > >
> > > I must caution people not to confuse DTP with VTP. The switchport
> > > nonegotiate command is a DTP disable command (nothing to do with VTP).
> > >
> > > Hope this helps. BTW... I passed my lab a week ago this past Thursday in
> > > San Jose. Hope this input (and future to come) helps repay some of the
> > > benefit I have obtained from this board.
> > >
> > > Erez Jordan Gottlieb
> > > CCIE #17010
> > >
> > >
> > >
> > > On 10/15/06, CharlesB <cbalik@adelphia.net> wrote:
> > > >
> > > > > I assume since VTP runs on the trunk ports, getting the interface out of
> > > > > trunk mode would solve the issue.
> > > >
> > > > sw1#sh vtp cou
> > > > sw1#sh vtp counters
> > > > VTP statistics:
> > > > Summary advertisements received : 0
> > > > Subset advertisements received : 0
> > > > Request advertisements received : 0
> > > > Summary advertisements transmitted : 0
> > > > Subset advertisements transmitted : 0
> > > > Request advertisements transmitted : 0
> > > > Number of config revision errors : 0
> > > > Number of config digest errors : 0
> > > > Number of V1 summary errors : 0
> > > >
> > > >
> > > > > VTP pruning statistics:
> > > > >
> > > > > Trunk            Join Transmitted Join Received    Summary advts received from
> > > > >                                                    non-pruning-capable device
> > > > > ---------------- ---------------- ---------------- ---------------------------
> > > > > Fa0/13           0                0                0
> > > > > Fa0/14           0                0                0
> > > > > Fa0/15           0                0                0
> > > > > Fa0/24           0                0                0 ------------------> check it out
> > > >
> > > >
> > > >
> > > >
> > > > s1#interface FastEthernet0/24
> > > > switchport mode dynamic desirable
> > > >
> > > >
> > > >
> > > > > Since it is in desirable mode, it negotiates the trunk status with the
> > > > > other link, but if it is a switchport, the vtp counters do not list it
> > > > > anymore.
> > > >
> > > > sw1(config)#inter fas0/24
> > > > sw1(config-if)#sw
> > > > sw1(config-if)#switchport mode acc
> > > > sw1(config-if)#end
> > > > sw1#sh
> > > > > 10w2d: %SYS-5-CONFIG_I: Configured from console by conssh vtp counters
> > > > VTP statistics:
> > > > Summary advertisements received : 0
> > > > Subset advertisements received : 0
> > > > Request advertisements received : 0
> > > > Summary advertisements transmitted : 0
> > > > Subset advertisements transmitted : 0
> > > > Request advertisements transmitted : 0
> > > > Number of config revision errors : 0
> > > > Number of config digest errors : 0
> > > > Number of V1 summary errors : 0
> > > >
> > > >
> > > > > VTP pruning statistics:
> > > > >
> > > > > Trunk            Join Transmitted Join Received    Summary advts received from
> > > > >                                                    non-pruning-capable device
> > > > > ---------------- ---------------- ---------------- ---------------------------
> > > > > Fa0/13           0                0                0
> > > > > Fa0/14           0                0                0
> > > > > Fa0/15           0                0                0
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > -----Original Message-----
> > > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > > > > Adam Frederick
> > > > Sent: Sunday, October 15, 2006 6:15 PM
> > > > To: ccielab@groupstudy.com
> > > > Subject: Disabling VTP
> > > >
> > > >
> > > > ?
> > > > Group
> > > >
> > > > > I am working on a practice lab that utilizes 2x3550's & calls for
> > > > > disabling VTP on the fastethernet interfaces. I have searched and
> > > > > searched and haven't seen that it is possible to disable VTP on a
> > > > > per-interface basis, is this correct? I think the solution is to change
> > > > > VTP to transparent since the gigabit ports are not being utilized at all
> > > > > in the practice lab. Could someone confirm this?
> > > >
> > > > Thanks,
> > > > Adam
> > > >
> > > >



This archive was generated by hypermail 2.1.4 : Wed Nov 01 2006 - 07:29:07 ART