Just to make sure I decided to test this and it worked fine. Cat1 = vtp server Cat2 = vtp client
vtp domain is "steve" and the switches are trunking over ports gig0/1, fa0/20-21. I created two vlans on Cat1 and they propagated down to Cat2, so everything is working as designed. Next I create the mac acl on Cat2 and applied to the trunk interfaces as follows int range gig0/1 , fa0/20 - 21 mac access-group deny_vtp in I then created two more vlans on Cat1 and they are no longer propagating down to Cat2. However running a "debug sw-vlan vtp xmit" on Cat1 shows that it's still sending VTP info out the trunks to Cat2, so while this blocks VTP it does NOT stop the messages from being sent but it blocks them on the other end. Hope this helps! On Tue, Mar 2, 2010 at 11:11 PM, Steve Di Bias <[email protected]> wrote: > After poking around a little bit it looks like the ethertype for vtp is > 0x2003 (dst 0100.0ccc.cccc). I would configure the switches for transparent > mode and a mac access list matching the above ethertype > > mac access-list extended deny_vtp > deny any host 0100.0ccc.cccc 0x2003 0x000 > permit any any > > interface slot/port > mac access-group deny_vtp in > > -Steve Di Bias > > > > On Tue, Mar 2, 2010 at 10:52 PM, Cristian Matei < > [email protected]> wrote: > >> Hi Steve, >> >> It will disable switch generated VTP messages but NOT relaying of >> received VTP messages. >> >> Regards, >> Cristian. >> >> -----Original Message----- >> From: [email protected] [mailto:[email protected]] On Behalf Of >> Steve Di Bias >> Sent: Wednesday, March 03, 2010 8:44 AM >> To: Nahskur Udniraht >> Cc: [email protected]; [email protected]; CC IE >> Subject: Re: how to disable VTP propogation over trunk link >> >> Try running "vtp mode transparent" >> That will disable VTP on the switch >> >> >> http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/1 >> 2.1_19_ea1/configuration/guide/swvtp.html#wp1035326 >> >> -Steve Di Bias >> >> >> On Tue, Mar 2, 2010 at 9:28 PM, Nahskur Udniraht < >> [email protected]> wrote: >> >> > Dear All, >> > >> > can I use an access control mechanism to stop VTP messages over a trunk >> > link >> > ? is it possible to do so ? >> > >> > -- >> > Nahskur Udniraht >> > >> > >> > Blogs and organic groups at http://www.ccie.net >> > >> > _______________________________________________________________________ >> > Subscription information may be found at: >> > http://www.groupstudy.com/list/CCIELab.html >> >> >> Blogs and organic groups at http://www.ccie.net >> >> _______________________________________________________________________ >> Subscription information may be found at: >> http://www.groupstudy.com/list/CCIELab.html >> >> >> >> >> >> >> >> > -- -Steve Di Bias
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
