Hi Rick,

That's weird, cause I set up two switches in my lab (3560's).

Lab results:

1) When only allowing the vlan 200 as in the config underneath, it effectively stops the spanning-tree instance for vlan 250. So only vlans allowed will get their spanning-tree instance through according to lab.

2) Even though I manually prune vlan 1, VTP will still come through. Again, with the config below and both switches VTP servers, I created a new vlan on S21, and it correctly propagated to Sw2 :/

3) CDP seems to get through no matter what I do :)

Those are my lab findings :/

Sw1:
interface FastEthernet0/23
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 250
 switchport trunk allowed vlan 200
 switchport mode trunk

Sw2:
interface FastEthernet0/23
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 250
 switchport trunk allowed vlan 200
 switchport mode trunk

Sincerely,
Kim Pedersen

Rick Mur wrote:
> The only protocol for sure that uses VLAN 1 is VTP. If you block VLAN
> 1 then VTP will not get through. The other protocols are using the
> native vlan (correct me if I'm wrong) and by blocking the native vlan
> you won't block STP or CDP.
>
> To block STP or CDP on an interface you need to use other tools like
> 'no cdp enable' or 'spanning-tree bpdufilter enable'
>
> --
> Regards,
>
> Rick Mur
> CCIE2 #21946 (R&S / Service Provider)
> Juniper JNCIA-ER & JNCIA-EX
> MCSA:Messaging, MCSE
> Sr. Support Engineer – IPexpert, Inc.
> URL: http://www.IPexpert.com
>
> On Thu, Aug 20, 2009 at 1:50 PM, vishal bhugra <[email protected]> wrote:
>
> > Hi Kim
> >
> > If I remember correctly, STP, BPDU, CDP like things use VLAN 1 to
> > travel across. That's the only reason VLAN 1 is made not to be pruned.
> >
> > Guys, please correct me if I am wrong.
> >
> > Thanks
> >
> > On Thu, Aug 20, 2009 at 4:51 PM, Kim Pedersen <[email protected]> wrote:
> >
> > > Hi All,
> > >
> > > I have a question regarding the native vlan in dot1q. Frames coming
> > > from the vlan that is chosen as the native vlan are not tagged across
> > > the trunk. I can manually set the native vlan to be, say 200. I can then
> > > also say that I only want to allow vlan 250 to cross the trunk. I was
> > > under the impression that stuff like CDP used the native vlan across
> > > trunks, but if it is manually pruned (by not allowing it), why does it
> > > still work?
> > >
> > > Am I wrong in that CDP does not use the native vlan?
> > >
> > > What I was trying to do was to follow Cisco's guidelines as to not use
> > > the native vlan 1. However, since VTP can't prune vlan 1, I was doing it
> > > manually and came up with this thought...
> > >
> > > Hopefully someone can clear it up for me.
> > >
> > > Thanks
> > >
> > > Sincerely,
> > > Kim Pedersen
> > >
> > > --
> > > // Freedom Matters
> > > // Follow my progress on: http://kpjungle.wordpress.com
> >
> > --
> > Thanks & regards
> >
> > Vishal
> > +91-997111066
> > Best way to predict the future ..... is to create it

--
// Freedom Matters
// Follow my progress on: http://kpjungle.wordpress.com
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
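
An added example, not part of the original thread: a small Python audit that reads IOS interface stanzas and flags the two conditions the lab results above turned up, a native VLAN that is missing from the trunk's allowed list and CDP left enabled on a trunk where only the allowed list was used to restrict traffic. The FastEthernet0/24 stanza and all function names are constructed for illustration.

```python
import re

# Constructed input: Sw1's trunk from the post plus a hypothetical Fa0/24.
SAMPLE = """\
interface FastEthernet0/23
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 250
 switchport trunk allowed vlan 200
 switchport mode trunk
!
interface FastEthernet0/24
 switchport trunk native vlan 250
 switchport trunk allowed vlan 200,240-250
 switchport mode trunk
 no cdp enable
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '200,240-250' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_interfaces(text):
    """Map each interface name to its list of stripped sub-commands."""
    stanzas = re.findall(r"^interface (\S+)\n((?:^ .*\n?)*)", text, re.M)
    return {name: [l.strip() for l in body.splitlines()] for name, body in stanzas}

def audit_trunk(cmds):
    """Return findings for one interface; non-trunk ports yield none."""
    if "switchport mode trunk" not in cmds:
        return []
    native, allowed = 1, set(range(1, 4095))  # IOS defaults: native 1, all VLANs
    for cmd in cmds:
        if m := re.fullmatch(r"switchport trunk native vlan (\d+)", cmd):
            native = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", cmd):
            allowed = expand_vlans(m.group(1))
    findings = []
    if native not in allowed:
        findings.append(f"native vlan {native} is not in the allowed list")
    if "no cdp enable" not in cmds:
        findings.append("CDP is enabled; the allowed list does not filter it")
    return findings

def audit(text):
    return {n: audit_trunk(c) for n, c in parse_interfaces(text).items()}
```

Calling `audit(SAMPLE)` reports both findings for FastEthernet0/23 and none for FastEthernet0/24.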
