[c-nsp] VTP domain.

Paul Cosgrove paul.cosgrove at heanet.ie
Wed Feb 11 05:43:12 EST 2009


The behaviour regarding forwarding VTP messages is identical between 
transparent mode in either VTP version; if the domain name is null all 
VTP messages are forwarded, while if it is set only messages for that 
domain are forwarded. Apparently this changed sometime in the distant 
past but the documentation was not updated (at least it wasn't the last 
time I looked).  You can find more information about this here:
  http://www.groupstudy.com/archives/ccielab/200704/msg01533.html

You can see that there is also a mention there, apparently from a member 
of Cisco TAC, that a capability to set a VTP domain name to Null had 
been considered but a decision was made not to implement it.

To stop any VTP messages being forwarded, if you really need to, you can 
use MAC ACLs matching the destination address (0100.0ccc.cccc) and 
ethertype (0x2003).  If on the other hand you need the VTP messages to 
be forwarded for multiple domains, without affecting this switch, then 
you may need to delete the vlan.dat, change to transparent mode and reload.

Paul.

Steven.Glogger at swisscom.com wrote:
> VTP transparent switches DO forward vtp messages (if using version 2). see:
> "VTP transparent switches do not participate in VTP. A VTP transparent switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements. However, in VTP version 2, transparent switches do forward VTP advertisements that they receive from other switches from their trunk interfaces. "
>
> don't forget: the VTP domain can be learned if NO domain is given - the switch takes the first domain he sees in a VTP message.
>
> make sure that you put switches in transparent mode if you want to prevent disasters. we all know that the highest revision number in a domain wins. a client can overwrite all other switches (incl. server) if the revision number is higher and if he has the same domain name.... 
>
> vtp is evil as we all know ,-)
>
> to remove the domain name just set another one. 
>
> -steven
>
>
> ps: your guide for any VTP questions:
> http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_44_se/configuration/guide/swvtp.html 
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Mark Tinka
> Sent: Wednesday, February 11, 2009 12:54 AM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] VTP domain.
>
> On Wednesday 11 February 2009 03:02:41 am Keith wrote:
>
>   
>> The 3550 being replaced has no vtp domain name. Is it possible to 
>> remove the vtp domain name without deleting the vlan.dat file? I have 
>> looked over the TAC but see nothing really regarding removing a vtp 
>> domain name. Lots about adding one, not about removing one.
>>     
>
> No clear way to do this, today, without deleting the 'vlan.dat' file. Wish that could be fixed.
>
> But like you and others have said, maintaining VTP Transparent mode will ensure it stays away from VTP.
>
> We used to "manually" clear VTP domain names, but recently found a batch of switches that had them configured. It's too much work to clear that, but we just say "no" to VTP anyway.
>
> Cheers,
>
> Mark.

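
Added example, not code from anyone in the thread: a frame classifier showing why the MAC ACL described above matches both the destination address 0100.0ccc.cccc and the type 0x2003 (other Cisco protocols such as CDP use the same address), and where the domain name and revision number sit in the header. It assumes LLC/SNAP encapsulation and the standard VTP header layout; `parse_vtp`, `sample` and the sample frames are constructed for illustration.

```python
import struct

VTP_DST_MAC = bytes.fromhex("01000ccccccc")   # shared with CDP, DTP, PAgP, UDLD
CISCO_SNAP = bytes.fromhex("aaaa0300000c")    # LLC AA-AA-03 + Cisco OUI 00-00-0C
VTP_PID = 0x2003                              # the type value the MAC ACL matches
CODES = {1: "summary", 2: "subset", 3: "request"}

def parse_vtp(frame: bytes):
    """Return VTP header fields, or None if the frame is not VTP."""
    if frame[0:6] != VTP_DST_MAC:
        return None
    off = 12
    if frame[off:off + 2] == b"\x81\x00":      # skip an 802.1Q tag if present
        off += 4
    off += 2                                   # 802.3 length field
    if len(frame) < off + 8 or frame[off:off + 6] != CISCO_SNAP:
        return None
    (pid,) = struct.unpack_from("!H", frame, off + 6)
    if pid != VTP_PID:
        return None                            # e.g. CDP (0x2000), same dst MAC
    body = frame[off + 8:]
    if len(body) < 40:
        return None                            # truncated VTP header
    version, code, _, dlen = struct.unpack_from("!BBBB", body, 0)
    domain = body[4:4 + min(dlen, 32)].decode("ascii", "replace")
    info = {"version": version, "type": CODES.get(code, "other"), "domain": domain}
    if code in (1, 2):                         # summary and subset carry a revision
        (info["revision"],) = struct.unpack_from("!I", body, 36)
    return info

def sample(pid: int, body: bytes) -> bytes:
    """Constructed test frame: dst MAC, made-up src MAC, length, LLC/SNAP, body."""
    payload = CISCO_SNAP + struct.pack("!H", pid) + body
    return VTP_DST_MAC + bytes.fromhex("020000000001") + struct.pack("!H", len(payload)) + payload

# Constructed summary advertisement: VTP v2, domain "LAB", revision 7
SUMMARY = bytes([2, 1, 0, 3]) + b"LAB".ljust(32, b"\0") + struct.pack("!I", 7) + bytes(32)
VTP_FRAME = sample(0x2003, SUMMARY)
CDP_FRAME = sample(0x2000, bytes(40))          # same dst MAC, different type

if __name__ == "__main__":
    print(parse_vtp(VTP_FRAME))
    print(parse_vtp(CDP_FRAME))
```

Run over a capture from a trunk port, the returned domain and revision show which domains are being advertised through a transparent switch before any filter is applied.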

