Re: how to disable VTP propogation over trunk link from Steve Di Bias on 2010-03-03 (Ccielab archives 03/2010)

From: Steve Di Bias <sdibias_at_gmail.com>
Date: Wed, 3 Mar 2010 08:27:58 -0800

Carlos, while CDP does use 01-00-0c-cc-cc-cc as it's destination MAC,
matching on the ethertype with this MAC on the destination only blocks VTP,
and not CDP.

mac access-list extended deny_vtp
deny any host 0100.0ccc.cccc 0x2003 0x0000

As long as you are blocking VTP from coming in and running in transparent I
don't see why running two separate VTP servers in two separate domains would
make any difference, it's still being blocked with the mac acl.

On Wed, Mar 3, 2010 at 2:38 AM, Carlos G Mendioroz <tron_at_huapi.ba.ar> wrote:

> On the contrary, run vtp in server mode with a different domain.
> Some versions of transparent will let vtp go through, hence the name of
> the mode. Or else, force v1 and use a different domain.
>
> As for the initial question, vtp is a layer 2 protocol much like CDP.
> I'm not aware of a way of filtering it. You can block it's destination
> MAC but you'll filter CDP as well (01-00-0c-cc-cc-cc)
> (Copied w/o permision from cisco-nsp list, google is your firend TM)
>
> Just a different one, there is a way to filter specific packets on
> content (flexible packet matching) on IOS, and it is available in some
> switches (6k sup 32-PISA). I doubt this will fit you though.
>
> -Carlos
>
> Steve Di Bias @ 3/03/2010 3:43 -0300 dixit:
> > Try running "vtp mode transparent"
> > That will disable VTP on the switch
> >
> >
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_19_ea1/configuration/guide/swvtp.html#wp1035326
> >
> > -Steve Di Bias
> >
> >
> > On Tue, Mar 2, 2010 at 9:28 PM, Nahskur Udniraht <
> > expertinternetwork_at_gmail.com> wrote:
> >
> >> Dear All,
> >>
> >> can I use an access control mechanism to stop VTP messages over a trunk
> >> link
> >> ? is it possible to do so ?
> >>
> >> --
> >> Nahskur Udniraht
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
>
> --
> Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina
>

-- 
-Steve Di Bias
Blogs and organic groups at http://www.ccie.net

Received on Wed Mar 03 2010 - 08:27:58 ART

This archive was generated by hypermail 2.2.0 : Thu Apr 01 2010 - 07:26:34 ART