[c-nsp] purposefully mismatching native vlans

Mark Brochu mbrochu at hartford.edu
Fri Dec 23 10:49:53 EST 2005


Thanks for the reply.

I plan to prune out vlan 1 from any port that sees vlan 1841, and 
vice-versa.  The likelihood of anyone looping ports on our 6500 is very 
small, and STP will still be active on our residential switches further 
down the switch chain, so as an interim this hack of vlan translation 
still seems viable... Until the second phase where we subnet further.

-Mark

Andrew Fort wrote:
> Mark Brochu wrote:
> 
>> I feel that disabling spanning tree on that vlan is justifiable.  I 
>> can also prevent the log spam by disabling cdp v2 on the other ends.  
>> I'm wondering if there are any other possible caveats I may run into. 
>> Looking forward to your input!
>>
>> Mark Brochu
>> Network Analyst
>> University of Hartford
>>   
> 
> 
> This hack has worked for me in the past, though I last used it on malbiu 
> 2924 switches.  Simple rule: Avoid loops.  The main problem you'll get 
> if someone closes a loop: CAM tables that see both "1" and "1841" will 
> think they're different VLANs and will happily populate the same MAC 
> address, on different ports, in those "different" VLANs, so you won't 
> even get detection of "mac moves" if your hardware supports that and 
> you'd configured it.
> 
> VLAN translation is available on some kit (may be worth looking at 
> vendors other than Cisco here for a point solution linking these two 
> networks), so given the likelihood of a loop being formed and how much 
> you'd like to not have your ops staff's days ruined, perhaps this is 
> worth considering further.
> 
> -andrew
> 
> 
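
Added example, not part of either message: a toy Python model of the CAM behaviour described in the quoted reply, where entries are keyed per VLAN, so a MAC seen in both "1" and "1841" never registers as a move. The class and function names, port names and MAC addresses are constructed for illustration, and the cross-VLAN check is one possible audit, not a switch feature.

```python
# Toy model of per-VLAN MAC learning (illustrative only, not vendor code).
class CamTable:
    def __init__(self):
        self.entries = {}   # (vlan, mac) -> port, the per-VLAN key
        self.moves = []     # (vlan, mac, old_port, new_port)

    def learn(self, vlan, mac, port):
        key = (vlan, mac)
        old = self.entries.get(key)
        # A "mac move" is only noticed when the SAME (vlan, mac) changes port.
        if old is not None and old != port:
            self.moves.append((vlan, mac, old, port))
        self.entries[key] = port

    def cross_vlan_duplicates(self, vlan_a, vlan_b):
        """MACs learned in both VLANs on different ports: the loop symptom
        that per-VLAN move detection cannot see."""
        dups = []
        for (vlan, mac), port in self.entries.items():
            if vlan != vlan_a:
                continue
            other = self.entries.get((vlan_b, mac))
            if other is not None and other != port:
                dups.append((mac, port, other))
        return sorted(dups)

def replay(frames):
    """Feed (vlan, src_mac, ingress_port) tuples through a fresh table."""
    cam = CamTable()
    for vlan, mac, port in frames:
        cam.learn(vlan, mac, port)
    return cam

# Constructed frames: one host seen via both sides of a closed loop.
LOOPED = [
    (1,    "00:11:22:33:44:55", "Gi1/1"),
    (1841, "00:11:22:33:44:55", "Gi2/7"),   # same host, other "VLAN"
    (1,    "00:11:22:33:44:55", "Gi1/1"),
    (1841, "00:aa:bb:cc:dd:ee", "Gi2/8"),   # unrelated host
]
# Constructed frames: an ordinary move inside one VLAN, for contrast.
SAME_VLAN_MOVE = [
    (1, "00:11:22:33:44:55", "Gi1/1"),
    (1, "00:11:22:33:44:55", "Gi1/2"),
]

if __name__ == "__main__":
    cam = replay(LOOPED)
    print("moves logged:", cam.moves)
    print("cross-VLAN duplicates:", cam.cross_vlan_duplicates(1, 1841))
```
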


