[c-nsp] Turning off vtp multicasts

Vinny Abello vinny at tellurian.com
Thu Sep 1 19:58:53 EDT 2005 

Hi Bob,

         I could be mistaken, but I believe VTP is globally on or off 
on Cisco switches (ones I've used anyway). I've never seen a way to 
control it on a per port basis. I haven't ever setup VTP on a 3550 
but I did a quick look over some things on my switches and it looks 
like you're going to be stuck with setting VTP to transparent 
(disabling it) on the switch if you have any hope of connecting to 
NYIIX. Our switch on NYIIX has VTP in transparent mode as well. Like 
I said, I could be wrong. I don't have a 3550 to look at. I'd be 
interested in any solutions there are just out of curiosity. I've 
only actually setup VTP on one stack of switches on our network where 
it was semi-useful.

By the way, I think "switchport block multicast" only blocks unknown 
multicast packets to prevent flooding of a VLAN for which the mac 
address of a device has timed out in the arp table or is not in the 
table at all. Same with "switchport block unicast" if I remember 
correctly (but for unicast traffic).

At 06:01 PM 9/1/2005, Bob Tinkelman wrote:
>I have a WS-C3550-12G running c3550-i5k2l2q3-mz.121-20.EA1.bin.
>(Yes, I know; that's a bit stale, but the switch has been up and
>running for over 16 months.)
>
>We are trying to connect one of its ports to a peering switch.
>The engineer managing the peering switch has complained to us
>that our switch is emitting vtp multicasts.
>
>An example is included at the end of this email.
>
>We want to continue running vtp on this router but, to comply
>with this request, would like to surpress any vtp multicasts on
>this particular port.
>
>I reached the point where I was just changing various config
>options (not quite at random) hoping to find one that would make
>a difference.  At the moment, the config looks like this:
>
>   | switch1.nycmnycz#sho run int g0/1
>   | Building configuration...
>   |
>   | Current configuration : 265 bytes
>   | !
>   | interface GigabitEthernet0/1
>   |  description nyiix
>   |  switchport access vlan 101
>   |  switchport mode access
>   |  switchport block multicast
>   |  no cdp enable
>   |  spanning-tree portfast
>   |  spanning-tree bpdufilter enable
>   |  spanning-tree bpduguard enable
>   |  spanning-tree guard none
>   | end
>
>
>Any suggestions or pointers to appropriate documentation would
>be much appreciated.
>--
>Bob Tinkelman <bob at tink.com>
>ISPnet, Inc.    718.464.4747
>
>
>
>=========problem-packet=====================================================
>
>SW-NYIIX2#RX-JC-FORMAT filter[1] 181-23:01:34 (03241800)
>00: 2cac 0f8f 5010 0001-0000 0000 f773 000c  FID     = 2cac
>10: 0100 0ccc cccc 0009-442f 6581 0060 aaaa  Offset  = 10
>20: 0300 000c 0111 2101-114a 0001 000f 4348  VLAN    = 1(0001)
>30: 4b30 3631 3856 3053-4e00 0200 0947 6930  CAM     = 0(00000,00000*2)
>Pri CPU MON PriTag MVID PType US BRD DAV SAV DPV SV ER TXA SAS Tag SRC Size
>0   0   0   0      0    f     0  1   0   1   0   0  0  0   0   0   1/1   110
>
>=========problem-packet=====================================================
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/


Vinny Abello
Network Engineer
Server Management
vinny at tellurian.com
(973)300-9211 x 125
(973)940-6125 (Direct)
PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0  E935 5325 FBCB 0100 977A

Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN

"Courage is resistance to fear, mastery of fear - not absence of 
fear" -- Mark Twain

More information about the cisco-nsp mailing list