From: paul cosgrove (paul.cosgrove@gmail.com)
Date: Sat Jul 12 2008 - 17:05:23 ART
MAC acls can be used to stop VTP being received, they cannot be used to
stop advertisements being sent; vtp transparent mode will do that for you.
In later versions of IOS there is also a "vtp mode off" command.
The (ether)type values can be used to differentiate the protocols. You
cannot match the PID, only the (ether) type part of it.
You can find a discussion about this including examples of MAC ACLs here:-
http://puck.nether.net/pipermail/cisco-nsp/2008-April/050185.html
Paul.
Jason Madsen wrote:
> to be further specific you could block it by it's PID, which is 0x2003,
> along with 01:00:0C:CC:CC:CC. CDP's is 0x2000 etc.
>
> Jason
>
> On Sat, Jul 12, 2008 at 12:32 PM, Jason Madsen <madsen.jason@gmail.com>
> wrote:
>
>
>> hmmmm, that's a good one. of course vtp mode transparent may prevent the
>> device from participating in vtp (especially VTP v1), but to actually
block
>> it is another thing. i believe you could use a MACL and block
01:00:0C:CC:CC:CC,
>> but i also believe that CDP, UDLD, DTP, and PAGP also use this address so
>> you might have to look at the implications of doing such a thing. you
might
>> want to use different VTP domain names to further prevent compatibility
>> between the systems, although that could be considered overkill.
>>
>> just some thoughts,
>> Jason
>>
>> On Sat, Jul 12, 2008 at 12:12 PM, akyccie <akyccie@gmail.com> wrote:
>>
>>
>>> How to block VTP advertisement ???
>>>
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:54 ART