From: Jay Hanke (Jay.Hanke@midwestwireless.com)
Date: Mon Oct 30 2006 - 12:37:29 ART
I did that; here is the config from interface fa0/1. I forgot to include
the config in my last email.
interface FastEthernet0/1
switchport access vlan 2
switchport mode access
switchport nonegotiate
no ip address
end
fa0/9 has no switchport set. My understanding is that if switchport
nonegotiate is set the interface should not be counted under show dtp or
show up under sho dtp interface. I wonder if it is an IOS bug. Has
anyone tried this on a more current IOS?
Jay
________________________________
From: Adam Frederick [mailto:AFrederick@homefederalbank.com]
Sent: Monday, October 30, 2006 9:19 AM
To: Jay Hanke
Subject: RE: Disabling VTP/DTP
Yep, looks like you only have DTP disabled on Port 9, so all other ports
are still passing DTP traffic. You need to do an interface range on all
ports and enter switchport nonegotiate and see what happens from there.
This should stop those messages from updating. I don't have spare
switches to test on so please let me know!!!
________________________________
From: Jay Hanke [mailto:Jay.Hanke@midwestwireless.com]
Sent: Monday, October 30, 2006 10:14 AM
To: Adam Frederick
Subject: RE: Disabling VTP/DTP
Should the count decrease on the show dtp when dtp is disabled on an
interface?
CAT2#sho int switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 2 (VLAN0002)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
CAT2#sho dtp interface
DTP information for FastEthernet0/1:
TOS/TAS/TNS: ACCESS/OFF/ACCESS
TOT/TAT/TNT: NATIVE/NEGOTIATE/NATIVE
Neighbor address 1: 000000000000
Neighbor address 2: 000000000000
Hello timer expiration (sec/state): never/STOPPED
Access timer expiration (sec/state): never/STOPPED
Negotiation timer expiration (sec/state): never/STOPPED
Multidrop timer expiration (sec/state): never/STOPPED
FSM state: S1:OFF
# times multi & trunk 0
Enabled: no
In STP: no
Statistics
----------
0 packets received (0 good)
0 packets dropped
0 nonegotiate, 0 bad version, 0 domain mismatches,
0 bad TLVs, 0 bad TAS, 0 bad TAT, 0 bad TOT, 0 other
0 packets output (0 good)
0 native, 0 software encap isl, 0 isl hardware native
0 output errors
CAT2#sho dtp
Global DTP information
Sending DTP Hello packets every 30 seconds
Dynamic Trunk timeout is 300 seconds
23 interfaces using DTP
CAT2#sh dtp int | inc Fast
DTP information for FastEthernet0/1:
DTP information for FastEthernet0/2:
DTP information for FastEthernet0/3:
DTP information for FastEthernet0/4:
DTP information for FastEthernet0/5:
DTP information for FastEthernet0/6:
DTP information for FastEthernet0/7:
DTP information for FastEthernet0/8:
DTP information for FastEthernet0/10:
DTP information for FastEthernet0/11:
DTP information for FastEthernet0/12:
DTP information for FastEthernet0/13:
DTP information for FastEthernet0/14:
DTP information for FastEthernet0/15:
DTP information for FastEthernet0/16:
DTP information for FastEthernet0/17:
DTP information for FastEthernet0/18:
DTP information for FastEthernet0/19:
DTP information for FastEthernet0/20:
DTP information for FastEthernet0/21:
DTP information for FastEthernet0/22:
DTP information for FastEthernet0/23:
DTP information for FastEthernet0/24:
CAT2#
________________________________
From: Adam Frederick [mailto:AFrederick@homefederalbank.com]
Sent: Monday, October 30, 2006 8:26 AM
To: Jay Hanke
Subject: RE: Disabling VTP/DTP
Jay;
It is my understanding, whether it is a switchport or a trunk port,
"switchport nonegotiate" will disable the sending of DTP frames. I'm
looking forward to input from other members on this one. One final
word, if you do a "show interface fa0/0 switchport", it should show
whether or not dynamic negotiation is enabled.
HTH
Adam
________________________________
From: nobody@groupstudy.com on behalf of Jay Hanke
Sent: Mon 10/30/2006 9:12 AM
To: Godswill Oletu; Scott Smith
Cc: Victor Cappuccio; Jordan Gottlieb; CharlesB; Adam Frederick;
ccielab@groupstudy.com
Subject: RE: Disabling VTP/DTP
If I understand correctly switchport nonegotiate (and set to access)
should turn off DTP on the port. I tried this on a 3550 (Version
12.1(19)EA1a) but when I do a show dtp or show dtp interface the
interfaces still show up in the count or in the list respectively. If I
do a no switchport on the interface it is removed.
Does switchport nonegotiate turn off dtp for the interface or do I need
to do something in addition? Also, is the proper way to verify that DTP
is off to use show dtp interface?
Thanks,
Jay
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Godswill Oletu
Sent: Monday, October 16, 2006 7:59 PM
To: Scott Smith
Cc: Victor Cappuccio; Jordan Gottlieb; CharlesB; Adam Frederick;
ccielab@groupstudy.com
Subject: Re: Disabling VTP
Scott,
All that the text of that book you paraphrased is saying is that there is
no magical command like 'no vtp' or the like to disable VTP. If you can do
something else that will result in the absence or non-operation of VTP that
is likened to disabling it, then you have essentially disabled it, and enabling
transparent mode will do that.
Godswill Oletu
CCIE #16464 (R&S).
----- Original Message -----
From: "Scott Smith" <hioctane@gmail.com>
To: "Godswill Oletu" <oletu@inbox.lv>
Cc: "Victor Cappuccio" <cvictor@protokolgroup.com>; "Jordan Gottlieb" <thelieber@gmail.com>;
"CharlesB" <cbalik@adelphia.net>; "Adam Frederick" <AFrederick@homefederalbank.com>;
<ccielab@groupstudy.com>
Sent: Monday, October 16, 2006 9:41 AM
Subject: Re: Disabling VTP
> A paraphrased quote from Cisco LAN Switching.
>
> "you cannot disable VTP, the only option is to use transparent mode"
>
> So if the task is only asking for you to disable VTP and DTP isn't
> mentioned I would use transparent mode and not mess with DTP. Just my
> .02 :-)
>
> --
> Scott
> CCIE #17040 (R&S)
>
>
> On 10/16/06, Godswill Oletu <oletu@inbox.lv> wrote:
> > As Victor has stated, setting the trunking mode to 'nonegotiate' and
> > configuring VTP transparent mode is the best option. There has been a thread
> > on this in the past, check the archives.
> >
> > Filtering with an ACL at best will only prevent VTP from working, it will
> > not disable it.
> >
> > HTH
> >
> > Godswill Oletu
> > CCIE #16464 (R&S)
> >
> >
> > ----- Original Message -----
> > From: "Victor Cappuccio" <cvictor@protokolgroup.com>
> > To: "'Jordan Gottlieb'" <thelieber@gmail.com>; "'CharlesB'"
> > <cbalik@adelphia.net>
> > Cc: "'Adam Frederick'" <AFrederick@homefederalbank.com>;
> > <ccielab@groupstudy.com>
> > Sent: Monday, October 16, 2006 12:32 AM
> > Subject: RE: Disabling VTP
> >
> >
> > > Hi Erez, Congratulations on your Digits!!
> > >
> > > But back to the post.
> > >
> > > DTP has something to do with VTP.
> > >
> > > From the same link you sent, http://www.cisco.com/warp/public/473/21.html
> > > says "
> > > Dynamic Trunking Protocol (DTP) sends the VTP domain name in a DTP packet.
> > > Therefore, if you have two ends of a link that belong to different VTP
> > > domains, the trunk does not come up if you use DTP. In this special case,
> > > you must configure the trunk mode as on or nonegotiate, on both sides, in
> > > order to allow the trunk to come up without DTP negotiation agreement.
> > > "
> > >
> > > I would agree with Adam here, in setting the switch to transparent to
> > > avoid sending VTP messages over the trunk ports.
> > >
> > > Please look at the following output in detail. I would not think that the
> > > mac access-list idea could work, but I would test that out tomorrow with a
> > > couple of real 3550s, since I'm playing now with Dynamips with an IOS of a
> > > 3640 with a NM-16ESW.
> > >
> > >
> > > Sw2(vlan)#vtp server
> > > Setting device to VTP SERVER mode.
> > > Sw2(vlan)#
> > > *Mar 1 00:04:16.155: VTP LOG RUNTIME: Transmit vtp summary, domain CISCO, rev 0, followers 1
> > > MD5 digest calculated = 00 31 17 6B 64 9D 1A 91 56 96 10 B4 FF 9D FC 23
> > >
> > > Sw2(vlan)#vtp transparent
> > > Setting device to VTP TRANSPARENT mode.
> > > Sw2(vlan)#vtp server
> > > Setting device to VTP SERVER mode.
> > > Sw2(vlan)#
> > > *Mar 1 00:04:39.855: VTP LOG RUNTIME: Transmit vtp summary, domain CISCO, rev 0, followers 1
> > > MD5 digest calculated = 00 31 17 6B 64 9D 1A 91 56 96 10 B4 FF 9D FC 23
> > > Sw2(vlan)#
> > >
> > >
> > > Please see that the time the first VTP summary message was sent out was
> > > 00:4:16, and I configured the switch to be in VTP transparent mode for a
> > > short while and set it back to VTP server. See the VTP summary now being
> > > sent out (0.4.39)
> > >
> > > Congratulations again,
> > > Regards,
> > > Victor.-
> > >
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > > Jordan Gottlieb
> > > Sent: Sunday, October 15, 2006 11:32 p.m.
> > > To: CharlesB
> > > CC: Adam Frederick; ccielab@groupstudy.com
> > > Subject: Re: Disabling VTP
> > >
> > > From http://www.cisco.com/warp/public/473/21.html
> > >
> > > "VTP packets are sent in either Inter-Switch Link (ISL) frames or in IEEE
> > > 802.1Q (dot1q) frames. These packets are sent to the destination MAC address
> > > 01-00-0C-CC-CC-CC with a logical link control (LLC) code of Subnetwork
> > > Access Protocol (SNAP) (AAAA) and a type of 2003 (in the SNAP header)."
> > >
> > > You should be able to configure a Name MAC Extended ACL filter. (
> > > http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225see/scg/swacl.htm#wp1177176)
> > > this on the respective port. I have not tried this...But I believe it will
> > > probably work.
> > >
> > > I must caution people not to confuse DTP with VTP. The switchport
> > > nonegotiate command is a DTP disable command (nothing to do with VTP).
> > >
> > > Hope this helps. BTW... I passed my lab a week ago this past Thursday in
> > > San Jose. Hope this input (and future to come) helps repay some of the
> > > benefit I have obtained from this board.
> > >
> > > Erez Jordan Gottlieb
> > > CCIE #17010
> > >
> > >
> > >
> > > On 10/15/06, CharlesB <cbalik@adelphia.net> wrote:
> > > >
> > > > > I assume since VTP runs on the trunk ports, getting the interface out of
> > > > > trunk mode would solve the issue.
> > > >
> > > > sw1#sh vtp cou
> > > > sw1#sh vtp counters
> > > > VTP statistics:
> > > > Summary advertisements received : 0
> > > > Subset advertisements received : 0
> > > > Request advertisements received : 0
> > > > Summary advertisements transmitted : 0
> > > > Subset advertisements transmitted : 0
> > > > Request advertisements transmitted : 0
> > > > Number of config revision errors : 0
> > > > Number of config digest errors : 0
> > > > Number of V1 summary errors : 0
> > > >
> > > >
> > > > > VTP pruning statistics:
> > > > >
> > > > > Trunk            Join Transmitted  Join Received  Summary advts received from
> > > > >                                                   non-pruning-capable device
> > > > > ---------------- ----------------  -------------  ---------------------------
> > > > > Fa0/13           0                 0              0
> > > > > Fa0/14           0                 0              0
> > > > > Fa0/15           0                 0              0
> > > > > Fa0/24           0                 0              0  ------------------> check it out
> > > >
> > > >
> > > >
> > > >
> > > > s1#interface FastEthernet0/24
> > > > switchport mode dynamic desirable
> > > >
> > > >
> > > >
> > > > > Since it is in desirable mode, it negotiates the trunk status with the
> > > > > other link, but if it is a switchport, the vtp counters do not list it
> > > > > anymore.
> > > >
> > > > sw1(config)#inter fas0/24
> > > > sw1(config-if)#sw
> > > > sw1(config-if)#switchport mode acc
> > > > sw1(config-if)#end
> > > > sw1#sh
> > > > > 10w2d: %SYS-5-CONFIG_I: Configured from console by conssh vtp counters
> > > > VTP statistics:
> > > > Summary advertisements received : 0
> > > > Subset advertisements received : 0
> > > > Request advertisements received : 0
> > > > Summary advertisements transmitted : 0
> > > > Subset advertisements transmitted : 0
> > > > Request advertisements transmitted : 0
> > > > Number of config revision errors : 0
> > > > Number of config digest errors : 0
> > > > Number of V1 summary errors : 0
> > > >
> > > >
> > > > > VTP pruning statistics:
> > > > >
> > > > > Trunk            Join Transmitted  Join Received  Summary advts received from
> > > > >                                                   non-pruning-capable device
> > > > > ---------------- ----------------  -------------  ---------------------------
> > > > > Fa0/13           0                 0              0
> > > > > Fa0/14           0                 0              0
> > > > > Fa0/15           0                 0              0
> > > > >
> > > > -----Original Message-----
> > > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > > > > Adam Frederick
> > > > Sent: Sunday, October 15, 2006 6:15 PM
> > > > To: ccielab@groupstudy.com
> > > > Subject: Disabling VTP
> > > >
> > > >
> > > > ?
> > > > Group
> > > >
> > > > > I am working on a practice lab that utilizes 2x3550's & calls for disabling
> > > > > VTP on the fastethernet interfaces. I have searched and searched and
> > > > > haven't seen that it is possible to disable VTP on a per-interface basis,
> > > > > is this correct? I think the solution is to change VTP to transparent since
> > > > > the gigabit ports are not being utilized at all in the practice lab. Could
> > > > > someone confirm this?
> > > >
> > > > Thanks,
> > > > Adam
> > > >
> > > >
This archive was generated by hypermail 2.1.4 : Wed Nov 01 2006 - 07:29:07 ART