Be careful with this. If you are using DTP for trunk negotiation, this will break your trunks :)

On Wed, Mar 3, 2010 at 12:11 PM, Carlos G Mendioroz <[email protected]> wrote:

> Good to know that CDP eludes the filter :)
>
> My suggestion to run vtp server with different domain was to make sure
> you do not let incoming vtp pass through, as would be the case in
> transparent mode (if not using version 1) and was before the filtering
> option was considered.
>
> -Carlos
>
> Steve Di Bias @ 3/03/2010 13:27 -0300 dixit:
> > Carlos, while CDP does use 01-00-0c-cc-cc-cc as its destination MAC,
> > matching on the ethertype with this MAC on the destination only blocks
> > VTP, and not CDP.
> >
> > mac access-list extended deny_vtp
> >  deny any host 0100.0ccc.cccc 0x2003 0x0000
> >
> > As long as you are blocking VTP from coming in and running in
> > transparent I don't see why running two separate VTP servers in two
> > separate domains would make any difference, it's still being blocked
> > with the mac acl.
> >
> > On Wed, Mar 3, 2010 at 2:38 AM, Carlos G Mendioroz <[email protected]
> > <mailto:[email protected]>> wrote:
> >
> > On the contrary, run vtp in server mode with a different domain.
> > Some versions of transparent will let vtp go through, hence the name of
> > the mode. Or else, force v1 and use a different domain.
> >
> > As for the initial question, vtp is a layer 2 protocol much like CDP.
> > I'm not aware of a way of filtering it. You can block its destination
> > MAC but you'll filter CDP as well (01-00-0c-cc-cc-cc)
> > (Copied w/o permission from cisco-nsp list, google is your friend TM)
> >
> > Just a different one, there is a way to filter specific packets on
> > content (flexible packet matching) on IOS, and it is available in some
> > switches (6k sup 32-PISA). I doubt this will fit you though.
> >
> > -Carlos
> >
> > Steve Di Bias @ 3/03/2010 3:43 -0300 dixit:
> > > Try running "vtp mode transparent"
> > > That will disable VTP on the switch
> > >
> > > http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_19_ea1/configuration/guide/swvtp.html#wp1035326
> > >
> > > -Steve Di Bias
> > >
> > > On Tue, Mar 2, 2010 at 9:28 PM, Nahskur Udniraht <[email protected]
> > > <mailto:[email protected]>> wrote:
> > >
> > >> Dear All,
> > >>
> > >> Can I use an access control mechanism to stop VTP messages over a
> > >> trunk link? Is it possible to do so?
> > >>
> > >> --
> > >> Nahskur Udniraht
> > >>
> > >> Blogs and organic groups at http://www.ccie.net
> > >>
> > >> _______________________________________________________________________
> > >> Subscription information may be found at:
> > >> http://www.groupstudy.com/list/CCIELab.html
> >
> > --
> > Carlos G Mendioroz <[email protected] <mailto:[email protected]>>
> > LW7 EQI Argentina
> >
> > --
> > -Steve Di Bias
>
> --
> Carlos G Mendioroz <[email protected]> LW7 EQI Argentina

--
Regards,

Joe Astorino CCIE #24347 (R&S)
Sr. Technical Instructor - IPexpert
Mailto: [email protected]
Telephone: +1.810.326.1444
eFax: +1.810.454.0130
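
Added example, not part of the thread and not Cisco code: a Python model of how the quoted deny_vtp entry is evaluated against frames sent to 0100.0ccc.cccc, assuming first-match evaluation with an implicit deny at the end of the list and mask bits set to 1 meaning "ignore". The SNAP protocol ID table and the trailing "permit any any" entry are assumptions that do not come from the thread, and the frames are constructed samples; how a given switch treats control frames under a port MAC ACL varies by platform, so confirm in a lab.

```python
import struct

CISCO_MCAST = bytes.fromhex("01000ccccccc")
# Cisco SNAP protocol IDs (general knowledge, not taken from the thread)
SNAP_PIDS = {0x2000: "CDP", 0x2003: "VTP", 0x2004: "DTP", 0x0104: "PAgP", 0x0111: "UDLD"}

def build_frame(pid, payload=b"\x00" * 8):
    """Constructed 802.3 + LLC/SNAP frame addressed to the Cisco multicast MAC."""
    body = b"\xaa\xaa\x03" + b"\x00\x00\x0c" + struct.pack("!H", pid) + payload
    src = bytes.fromhex("020000000001")  # constructed source MAC
    return CISCO_MCAST + src + struct.pack("!H", len(body)) + body

def snap_pid(frame):
    """Return the SNAP protocol ID, or None if the frame is not 802.3 LLC/SNAP."""
    if len(frame) < 22:
        return None
    length = struct.unpack("!H", frame[12:14])[0]
    if length > 1500 or frame[14:17] != b"\xaa\xaa\x03":
        return None
    return struct.unpack("!H", frame[20:22])[0]

def entry_matches(frame, dst, value, mask):
    """One ACL entry. dst None means 'any'; value None means no protocol test."""
    if dst is not None and frame[0:6] != dst:
        return False
    if value is None:
        return True
    pid = snap_pid(frame)
    care = ~mask & 0xFFFF  # bits that must be equal
    return pid is not None and (pid & care) == (value & care)

def evaluate(acl, frame):
    """First match wins; falling off the end is the implicit deny."""
    for action, dst, value, mask in acl:
        if entry_matches(frame, dst, value, mask):
            return action
    return "deny"

DENY_VTP = ("deny", CISCO_MCAST, 0x2003, 0x0000)  # the entry quoted in the thread
ACL_ENTRY_ALONE = [DENY_VTP]
ACL_WITH_PERMIT = [DENY_VTP, ("permit", None, None, 0)]  # assumed 'permit any any'

def verdicts(acl):
    """Map protocol name -> 'permit' or 'deny' for one constructed frame each."""
    return {name: evaluate(acl, build_frame(pid)) for pid, name in SNAP_PIDS.items()}

if __name__ == "__main__":
    print("entry alone:     ", verdicts(ACL_ENTRY_ALONE))
    print("with permit any: ", verdicts(ACL_WITH_PERMIT))
```

In this model the entry on its own leaves nothing permitted, because every other frame falls through to the implicit deny; only with an explicit permit after it is VTP the sole protocol dropped.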
