Block control plane traffic on switch ports

Aug 19th, 2008


Is there any way to completely isolate one VLAN, one group of machines, from the rest of the networks, even at the level of control plane traffic that flows through vlan1 (CDP, PAgP, VTP...)?

I know that pruning we just STP block data/user traffic. What about the control traffic?



Jon Marshall Tue, 08/19/2008 - 11:36


Not entirely sure I follow what you are asking. If you want to isolate one vlan just make sure

1) it is not vlan 1 because vlan 1 is always used for CDP/VTP/PAgP

2) It is not the native vlan as DTP uses this on an 802.1q trunk

3) the vlan you do choose should not have a layer 3 SVI on any switch.

4) If the vlan has ports on multiple switches and you don't want STP going across the links you will need to disable STP for that vlan but you really need to make sure that you have no loops for this vlan in your network.

Pruning would be fine but only if all the ports for your isolated vlan existed on just one switch.
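
A configuration check for the four points in the answer above, as an added example that is not part of the thread: it scans an IOS-style running-config for an SVI, a trunk native VLAN, and the spanning-tree state of the VLAN to be isolated. The sample config, VLAN 50, and the function names are constructed for illustration, and the parser assumes the standard IOS command spellings shown.

```python
import re

# Constructed sample running-config (not from the thread); VLAN 50 is assumed isolated.
SAMPLE_CONFIG = """\
no spanning-tree vlan 50,60-61
interface GigabitEthernet0/1
 switchport trunk native vlan 50
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface Vlan50
 ip address 192.0.2.1 255.255.255.0
"""

def expand_vlans(spec):  # IOS VLAN list "50,60-61" -> {50, 60, 61}
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_isolated_vlan(config, vlan):
    """Return findings against the four points in the answer above."""
    findings, iface, blocks, stp_off = [], None, {}, set()
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
            blocks[iface] = []
        elif line.startswith(" ") and iface:
            blocks[iface].append(line.strip())
        else:  # global command or "!" separator ends the interface block
            iface = None
            if m := re.match(r"no spanning-tree vlan (\S+)", line):
                stp_off |= expand_vlans(m.group(1))
    if vlan == 1:
        findings.append("vlan1: VLAN 1 always carries CDP/VTP/PAgP")
    for name, body in blocks.items():
        if name.lower() == f"vlan{vlan}":
            findings.append(f"svi: interface {name} exists")
        if "switchport mode trunk" in body:
            natives = [int(c.split()[-1]) for c in body
                       if c.startswith("switchport trunk native vlan ")]
            if (natives[-1] if natives else 1) == vlan:  # IOS default native is 1
                findings.append(f"native: {name} uses VLAN {vlan} as native")
    if vlan not in stp_off:
        findings.append(f"stp: spanning tree still runs for VLAN {vlan}")
    return findings
```

The `stp` finding only matters when the VLAN has ports on multiple switches, as point 4 says, and disabling STP there requires a loop-free topology for that VLAN.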


metalium2007 Thu, 08/21/2008 - 02:54

I want to be sure that no vlan1 user traffic will pass over the trunk.

Two machines separated by the trunk, in vlan1, won't talk?




