Carlos, while CDP does use 01-00-0c-cc-cc-cc as it's destination MAC, matching on the ethertype with this MAC on the destination only blocks VTP, and not CDP.
mac access-list extended deny_vtp deny any host 0100.0ccc.cccc 0x2003 0x0000 As long as you are blocking VTP from coming in and running in transparent I don't see why running two separate VTP servers in two separate domains would make any difference, it's still being blocked with the mac acl. On Wed, Mar 3, 2010 at 2:38 AM, Carlos G Mendioroz <[email protected]> wrote: > On the contrary, run vtp in server mode with a different domain. > Some versions of transparent will let vtp go through, hence the name of > the mode. Or else, force v1 and use a different domain. > > As for the initial question, vtp is a layer 2 protocol much like CDP. > I'm not aware of a way of filtering it. You can block it's destination > MAC but you'll filter CDP as well (01-00-0c-cc-cc-cc) > (Copied w/o permision from cisco-nsp list, google is your firend TM) > > Just a different one, there is a way to filter specific packets on > content (flexible packet matching) on IOS, and it is available in some > switches (6k sup 32-PISA). I doubt this will fit you though. > > -Carlos > > Steve Di Bias @ 3/03/2010 3:43 -0300 dixit: > > Try running "vtp mode transparent" > > That will disable VTP on the switch > > > > > http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_19_ea1/configuration/guide/swvtp.html#wp1035326 > > > > -Steve Di Bias > > > > > > On Tue, Mar 2, 2010 at 9:28 PM, Nahskur Udniraht < > > [email protected]> wrote: > > > >> Dear All, > >> > >> can I use an access control mechanism to stop VTP messages over a trunk > >> link > >> ? is it possible to do so ? > >> > >> -- > >> Nahskur Udniraht > >> > >> > >> Blogs and organic groups at http://www.ccie.net > >> > >> _______________________________________________________________________ > >> Subscription information may be found at: > >> http://www.groupstudy.com/list/CCIELab.html > > > > > > Blogs and organic groups at http://www.ccie.net > > > > _______________________________________________________________________ > > Subscription information may be found at: > > http://www.groupstudy.com/list/CCIELab.html > > > > > > > > > > > > > > > > -- > Carlos G Mendioroz <[email protected]> LW7 EQI Argentina > -- -Steve Di Bias
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
