[c-nsp] R: Re: Blocking VTP

Brian Turnbow b.turnbow at twt.it
Wed Apr 23 16:08:21 EDT 2008


The CatOS command blocks the processing and forwarding of VTP packets received on the interface. I'm not sure about how the IOS version works.

----- Original Message -----
From: Tassos Chatzithomaoglou <achatz at forthnet.gr>
Sent: Wednesday, 23 April 2008 20.14
To: Peter Rathlev <peter at rathlev.dk>
Cc: Brian Turnbow <b.turnbow at twt.it>; cisco-nsp at puck.nether.net <cisco-nsp at puck.nether.net>
Subject: Re: [c-nsp] Blocking VTP

http://www.cisco.com/en/US/docs/ios/lanswitch/command/reference/lsw_u1.html#wp1013452

I guess enabling vtp on your internal ports and disabling it on your external ones would accomplish 
the needed security.

I don't know what happens if global vtp (on) and per-port vtp (off) are configured simultaneously.

--
Tassos


Peter Rathlev wrote on 23/4/2008 8:01 PM:
> On Wed, 2008-04-23 at 13:27 +0200, Brian Turnbow wrote:
>> There was "set vtp port x/x disable" in CatOS, at least for 6500s.
>> I don't think it ever worked its way into IOS though.
> 
> 12.2(33)SXH seems to have something called "Per port VTP
> enable/disable", where you can put "vtp disable" under an interface
> configuration.
> 
> I don't know if this just makes the switch transparent to PDUs received
> from that port, or if it actually blocks the PDUs. I hope for the
> latter.
> 
> It's probably something they "lifted" from CatOS; I heard that it was
> their plan to make the SX train have the same features as CatOS...
> 
> Regards,
> Peter