Re: VTP

From: Jason Madsen (madsen.jason@gmail.com)
Date: Sat Jul 12 2008 - 21:06:39 ART


sounds good to me.

On Sat, Jul 12, 2008 at 6:03 PM, paul cosgrove <paul.cosgrove@gmail.com>
wrote:

> Hi Jason,
>
> A five octet PID may be equivalent to a 2 octet Ethertype when
> OUI=00:00:00, but they are not the same for VTP, CDP etc, since their OUI is
> set to the Cisco OUI and so all five octets of the PID are used. The values
> you have listed are not the full PID values.
>
> There clearly is confusion about this, and I know that some sniffer
> programs list the PID as being just the last two octets, but I do not see an
> explanation for such a usage in IEEE 802-1990:-
>
> "5.3 Protocol Identifier
> 5.3.1 Concept
> ...
> All SNAP PDUs contain a Protocol Identification Field. An organization
> uses its OUI to identify, using a universal unique value, its own protocols.
>
> The protocol identifier is 40 bits in length....The first 24 bits of the
> protocol identifier correspond to the OUI in exactly the same fashion as in
> 48-bit LAN MAC addresses. The remaining 16 bits are locally administered by
> the assignee."
>
> "5.3.2 Representation of a Protocol Identifier.
> The protocol identifier is represented as a string of five octets separated
> by hyphens. The octets are displayed left to right in the order they are
> transmitted on the LAN medium. Each octet is displayed as two hexadecimal
> digits. The M bit of the first octet is the first bit of the
> Organizationally Unique Identifier and is the least significant."
>
> Paul.
>
>
>
> On Sat, Jul 12, 2008 at 10:51 PM, Jason Madsen <madsen.jason@gmail.com>
> wrote:
>
>> I think ethertype and PID are essentially one and the same. It just
>> depends on which source you reference. In MACLs they use the term
>> ethertype, but in packet captures the actual value is the PID (protocol
>> ID). At least they seem to directly coincide:
>>
>> VTP 0x2003
>> CDP 0x2000
>> DTP 0x2004
>> UDLD 0x0111
>>
>> ...but great write-ups you provided. i think aky is about a blocking VTP
>> kind of person as any now:-)
>>
>> Jason
>>
>> On Sat, Jul 12, 2008 at 2:05 PM, paul cosgrove <paul.cosgrove@gmail.com>
>> wrote:
>>
>>>
>>> MAC acls can be used to stop VTP being received, they cannot be used to
>>> stop advertisements being sent; vtp transparent mode will do that for
>>> you. In later versions of IOS there is also a "vtp mode off" command.
>>>
>>> The (ether)type values can be used to differentiate the protocols. You
>>> cannot match the PID, only the (ether) type part of it.
>>>
>>> You can find a discussion about this including examples of MAC ACLs
>>> here:-
>>> http://puck.nether.net/pipermail/cisco-nsp/2008-April/050185.html
>>>
>>> Paul.
>>>
>>>
>>> Jason Madsen wrote:
>>> > to be further specific you could block it by its PID, which is 0x2003,
>>> > along with 01:00:0C:CC:CC:CC. CDP's is 0x2000 etc.
>>> >
>>> > Jason
>>> >
>>> > On Sat, Jul 12, 2008 at 12:32 PM, Jason Madsen <madsen.jason@gmail.com>
>>> > wrote:
>>> >
>>> >
>>> >> hmmmm, that's a good one. of course vtp mode transparent may prevent the
>>> >> device from participating in vtp (especially VTP v1), but to actually block
>>> >> it is another thing. i believe you could use a MACL and block 01:00:0C:CC:CC:CC,
>>> >> but i also believe that CDP, UDLD, DTP, and PAGP also use this address so
>>> >> you might have to look at the implications of doing such a thing. you might
>>> >> want to use different VTP domain names to further prevent compatibility
>>> >> between the systems, although that could be considered overkill.
>>> >>
>>> >> just some thoughts,
>>> >> Jason
>>> >>
>>> >> On Sat, Jul 12, 2008 at 12:12 PM, akyccie <akyccie@gmail.com> wrote:
>>> >>
>>> >>
>>> >>> How to block VTP advertisement ???
>>> >>>
>>> >>>
>>> >>>
>>> >>> _______________________________________________________________________
>>> >>> Subscription information may be found at:
>>> >>> http://www.groupstudy.com/list/CCIELab.html
>>> >>>
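An added example, not code from anyone in the thread: a small parser that classifies 802.3 LLC/SNAP frames by the full five-octet PID Paul describes, so 0x2003 under the Cisco OUI is reported as VTP while the same two octets under OUI 00:00:00 are reported as an Ethertype, which is what a capture filter or IDS rule has to distinguish. The source MAC and frame payloads are constructed placeholders; the OUI, multicast address and protocol values are the ones quoted in the thread.

```python
import struct
from typing import NamedTuple, Optional

# Values taken from the thread; every frame below is constructed, not captured.
CISCO_OUI = bytes.fromhex("00000c")
CISCO_MCAST = bytes.fromhex("01000ccccccc")  # shared by VTP, CDP, DTP, UDLD, PAgP
ZERO_OUI = b"\x00\x00\x00"

# Full 40-bit SNAP PIDs (OUI followed by the 16-bit assignee value).
CISCO_PIDS = {
    CISCO_OUI + b"\x20\x00": "CDP",
    CISCO_OUI + b"\x20\x03": "VTP",
    CISCO_OUI + b"\x20\x04": "DTP",
    CISCO_OUI + b"\x01\x11": "UDLD",
}


class SnapInfo(NamedTuple):
    dst: bytes
    pid: bytes      # all five octets, OUI first, in transmission order
    protocol: str   # "VTP", "CDP", ..., "ethertype:0xNNNN" or "unknown"


def parse_snap_frame(frame: bytes) -> Optional[SnapInfo]:
    """Classify an 802.3 LLC/SNAP frame by its full PID; None if not LLC/SNAP."""
    if len(frame) < 22:
        return None
    length = struct.unpack("!H", frame[12:14])[0]
    if length > 1500 or tuple(frame[14:17]) != (0xAA, 0xAA, 0x03):
        return None  # Ethernet II (type field), or LLC without a SNAP header
    pid = frame[17:22]
    if pid[:3] == ZERO_OUI:
        # Only under a zero OUI do the last two octets carry an Ethertype.
        protocol = "ethertype:0x%04x" % struct.unpack("!H", pid[3:5])[0]
    else:
        protocol = CISCO_PIDS.get(pid, "unknown")
    return SnapInfo(frame[0:6], pid, protocol)


def build_snap_frame(dst: bytes, src: bytes, oui: bytes, value: bytes,
                     payload: bytes) -> bytes:
    """Assemble a constructed 802.3 frame: MACs, length, LLC (AA AA 03), SNAP."""
    body = b"\xaa\xaa\x03" + oui + value + payload
    return dst + src + struct.pack("!H", len(body)) + body


SRC = bytes.fromhex("001122334455")  # constructed source MAC
STUB = b"\x00" * 40                  # placeholder payload, not a real VTP message
VTP_FRAME = build_snap_frame(CISCO_MCAST, SRC, CISCO_OUI, b"\x20\x03", STUB)
# Same 0x2003 under OUI 00:00:00: by IEEE 802 this is an Ethertype, not VTP.
NOT_VTP_FRAME = build_snap_frame(CISCO_MCAST, SRC, ZERO_OUI, b"\x20\x03", STUB)
IP_SNAP_FRAME = build_snap_frame(SRC, SRC, ZERO_OUI, b"\x08\x00", STUB)
```

Matching on the destination address 01:00:0C:CC:CC:CC alone would catch all four Cisco protocols at once, which is the collateral effect Jason warns about; keying on the full PID is what separates VTP from CDP, DTP and UDLD.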



This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:54 ART