Re: VTP

From: Jason Madsen (madsen.jason@gmail.com)
Date: Sat Jul 12 2008 - 18:51:05 ART

• Next message: Wes Stevens: "Re: CCDE Practical Exam"
• Previous message: Colin McNamara: "Re: CCDE Practical Exam"
• Maybe in reply to: paul cosgrove: "VTP"
• Next in thread: paul cosgrove: "Re: VTP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I think ethertype and PID are essentially one in the same. It just depends
on which source you reference. In MACLs they use the term ethertype, but in
packet captures the actual value is the PID (protocol ID). At least they
seem to directly coincide:

VTP 0x2003
CDP 0x2000
DTP 0x2004
UDLD 0x0111

...but great write ups you provided. i think aky is about a blocking VTP
kind of person as any now:-)

Jason

On Sat, Jul 12, 2008 at 2:05 PM, paul cosgrove <paul.cosgrove@gmail.com>
wrote:

>
> MAC acls can be used to stop VTP being received, they cannot be used to
> stop advertisements being sent; vtp transparent mode will do that for
> you. In later versions of IOS there is also a "vtp mode off" command.
>
> The (ether)type values can be used to differentiate the protocols. You
> cannot match the PID, only the (ether) type part of it.
>
> You can find a discussion about this including examples of MAC ACLs here:-
> http://puck.nether.net/pipermail/cisco-nsp/2008-April/050185.html
>
> Paul.
>
>
> Jason Madsen wrote:
> > to be further specific you could block it by it's PID, which is 0x2003,
> > along with 01:00:0C:CC:CC:CC. CDP's is 0x2000 etc.
> >
> > Jason
> >
> > On Sat, Jul 12, 2008 at 12:32 PM, Jason Madsen <madsen.jason@gmail.com>
> > wrote:
> >
> >
> >> hmmmm, that's a good one. of course vtp mode transparent may prevent
> the
> >> device from participating in vtp (especially VTP v1), but to actually
> block
> >> it is another thing. i believe you could use a MACL and block
> 01:00:0C:CC:CC:CC,
> >> but i also believe that CDP, UDLD, DTP, and PAGP also use this address
> so
> >> you might have to look at the implications of doing such a thing. you
> might
> >> want to use different VTP domain names to further prevent compatibility
> >> between the systems, although that could be considered overkill.
> >>
> >> just some thoughts,
> >> Jason
> >>
> >> On Sat, Jul 12, 2008 at 12:12 PM, akyccie <akyccie@gmail.com> wrote:
> >>
> >>
> >>> How to block VTP advertisement ???
> >>>
> >>>
> >>> _______________________________________________________________________
> >>> Subscription information may be found at:
> >>> http://www.groupstudy.com/list/CCIELab.html
> >>>
> >
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

• Next message: Wes Stevens: "Re: CCDE Practical Exam"
• Previous message: Colin McNamara: "Re: CCDE Practical Exam"
• Maybe in reply to: paul cosgrove: "VTP"
• Next in thread: paul cosgrove: "Re: VTP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:54 ART