Re: [c-nsp] Blocking VTP

2008-04-30 Thread Daniel Roesen
On Sun, Apr 20, 2008 at 11:27:37AM +0300, Tassos Chatzithomaoglou wrote: 2) block 01-00-0C-CC-CC-CC (used by CDP too) Can be done on ingress only on 3750G. Any chance of blocking egress VTP too? 4) block vlan 1 (although actually that's not possible) Hm, modern IOS switches seem to be able to

Re: [c-nsp] Blocking VTP

2008-04-24 Thread Paul Cosgrove
Phil Mayers wrote: I'm sorry to say whether you believe it or not has little to do with the reality of the situation. To the best of my (by no means encyclopaedic) knowledge, there is no such thing. In any event, Tassos has already suggested: 1) make the port an access port 2) block

Re: [c-nsp] Blocking VTP

2008-04-24 Thread Skeeve Stevens
:13 PM To: Phil Mayers Cc: [EMAIL PROTECTED]; 'Gert Doering'; cisco-nsp@puck.nether.net; [EMAIL PROTECTED] Subject: Re: [c-nsp] Blocking VTP Phil Mayers wrote: I'm sorry to say whether you believe it or not has little to do with the reality of the situation. To the best of my (by no means

Re: [c-nsp] Blocking VTP

2008-04-24 Thread Paul Cosgrove
; [EMAIL PROTECTED] Subject: Re: [c-nsp] Blocking VTP Phil Mayers wrote: I'm sorry to say whether you believe it or not has little to do with the reality of the situation. To the best of my (by no means encyclopaedic) knowledge, there is no such thing. In any event, Tassos has already

Re: [c-nsp] Blocking VTP

2008-04-24 Thread Tassos Chatzithomaoglou
: Thursday, 24 April 2008 8:13 PM To: Phil Mayers Cc: [EMAIL PROTECTED]; 'Gert Doering'; cisco-nsp@puck.nether.net; [EMAIL PROTECTED] Subject: Re: [c-nsp] Blocking VTP Phil Mayers wrote: I'm sorry to say whether you believe it or not has little to do with the reality of the situation

Re: [c-nsp] Blocking VTP

2008-04-24 Thread Paul Cosgrove
Doering'; cisco-nsp@puck.nether.net; [EMAIL PROTECTED] Subject: Re: [c-nsp] Blocking VTP Phil Mayers wrote: I'm sorry to say whether you believe it or not has little to do with the reality of the situation. To the best of my (by no means encyclopaedic) knowledge, there is no such thing

Re: [c-nsp] Blocking VTP

2008-04-24 Thread Paul Cosgrove
- From: Paul Cosgrove [mailto:[EMAIL PROTECTED] Sent: Thursday, 24 April 2008 8:13 PM To: Phil Mayers Cc: [EMAIL PROTECTED]; 'Gert Doering'; cisco-nsp@puck.nether.net; [EMAIL PROTECTED] Subject: Re: [c-nsp] Blocking VTP Phil Mayers wrote: I'm sorry to say whether you

Re: [c-nsp] Blocking VTP

2008-04-23 Thread Gert Doering
Hi, On Wed, Apr 23, 2008 at 01:55:54PM +0800, Daniel Hooper wrote: ... I really need to start running VTP across our network as we've got far too many VLANs and way too many switches to be logging into to provision a new customer or VLAN ... Don't use VTP. We run a medium-sized data center

Re: [c-nsp] Blocking VTP

2008-04-23 Thread Skeeve Stevens
I can't believe there isn't: int blah0/0 vtp block in/out ...Skeeve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gert Doering Sent: Wednesday, 23 April 2008 5:16 PM To: Daniel Hooper Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Blocking VTP

Re: [c-nsp] Blocking VTP

2008-04-23 Thread Daniel Hooper
Subject: RE: [c-nsp] Blocking VTP I can't believe there isn't: int blah0/0 vtp block in/out ...Skeeve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gert Doering Sent: Wednesday, 23 April 2008 5:16 PM To: Daniel Hooper Cc: cisco-nsp

Re: [c-nsp] Blocking VTP

2008-04-23 Thread Phil Mayers
Skeeve Stevens wrote: I can't believe there isn't: I'm sorry to say whether you believe it or not has little to do with the reality of the situation. To the best of my (by no means encyclopaedic) knowledge, there is no such thing. In any event, Tassos has already suggested: 1) make the port

Re: [c-nsp] Blocking VTP

2008-04-23 Thread Brian Turnbow
, 2008 11:57 AM To: [EMAIL PROTECTED] Cc: 'Gert Doering'; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Blocking VTP Skeeve Stevens wrote: I can't believe there isn't: I'm sorry to say whether you believe it or not has little to do with the reality of the situation. To the best of my (by no means

Re: [c-nsp] Blocking VTP

2008-04-23 Thread Ross Vandegrift
On Wed, Apr 23, 2008 at 01:55:54PM +0800, Daniel Hooper wrote: I work for a company with the exact same problem, we interconnect with a bucketload of other carriers providers with dot1q trunks and I haven't been able to find a way to block VTP on those ports, the worst bit is I really need to

Re: [c-nsp] Blocking VTP

2008-04-23 Thread Peter Rathlev
On Wed, 2008-04-23 at 13:27 +0200, Brian Turnbow wrote: There was set vtp port x/x disable in catos at least for 6500s. I don't think it ever worked its way into ios though. 12.2(33)SXH seems to have something called Per port VTP enable/disable, where you can put vtp disable under an

Re: [c-nsp] Blocking VTP

2008-04-23 Thread Ross Vandegrift
On Wed, Apr 23, 2008 at 07:01:39PM +0200, Peter Rathlev wrote: It's probably something they lifted from CatOS; I heard that it was their plan to make the SX train have the same features as CatOS... Do you happen to know if that would include GVRP? -- Ross Vandegrift [EMAIL PROTECTED]

Re: [c-nsp] Blocking VTP

2008-04-23 Thread Tassos Chatzithomaoglou
http://www.cisco.com/en/US/docs/ios/lanswitch/command/reference/lsw_u1.html#wp1013452 I guess enabling vtp on your internal ports and disabling it on your external ones would accomplish the needed security. I don't know what happens if global vtp (on) and per-port vtp (off) are configured

Re: [c-nsp] Blocking VTP

2008-04-23 Thread Asbjorn Hojmark - Lists
I can't believe there isn't: int blah0/0 vtp block in/out In recent software: vtp mode off -A

Re: [c-nsp] Blocking VTP

2008-04-21 Thread Ziv Leyes
on all your switches which won't block the VTP packets but will totally ignore them. Ziv -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Skeeve Stevens Sent: Sunday, April 20, 2008 10:53 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] Blocking VTP

Re: [c-nsp] Blocking VTP

2008-04-21 Thread Skeeve Stevens
Sent: Monday, 21 April 2008 5:49 PM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Blocking VTP I don't know what's your main purpose, but in some cases, when you work on an environment that doesn't use VTP at all and want to be sure that if by mistake someone connects a device that works with VTP

[c-nsp] Blocking VTP

2008-04-20 Thread Skeeve Stevens
Hey All, Is there a way on a 2950, 3550, 3560(G), 3750(G) to block VTP from coming in a port - at all. .Skeeve -- Skeeve Stevens, RHCE [EMAIL PROTECTED] / www.skeeve.org Cell +61 (0)414 753 383 / skype://skeeve eintellego - [EMAIL PROTECTED] - www.eintellego.net -- I'm a groove licked love

Re: [c-nsp] Blocking VTP

2008-04-20 Thread Tassos Chatzithomaoglou
1) make the port an access port 2) block 01-00-0C-CC-CC-CC (used by CDP too) 3) use transparent vtp v1 different domain 4) block vlan 1 (although actually that's not possible) You can also use switchport nonegotiate to turn DTP off, if you're getting vtp mismatch messages (different vtp