Solved: VTP, native vlan & VTP interface

a.gesse · ‎11-16-2008

Hello,

the assumptions are that:

1. VTP updates are sent / receive via native VLAN only?

2. If there is no Native Vlan (Vlan1) in trunk

"switchport trunk allowed vlan 11,12,13"

will vtp updates go through if my mgmt IP's are in vlan11

and I added global command

"VTP interface vlan11" ?

3. Same for CDP, will it go through the trunk as above?

VLAN1 is native but is not included into tha list of vlan allowed

Any thoughts are appreciated

Thanks

Alex

mlund · ‎11-17-2008

Hi

This is taken from the cat 4000 configuration guide.

Disabling VLAN 1 on a Trunk Link

On the Catalyst enterprise LAN switches, VLAN 1 is enabled by default to allow control protocols to transmit and receive packets across the network topology. However, when VLAN 1 is enabled on trunk links in a large complex network topology, the impact of broadcast storms increases. Because spanning tree applies to the entire network topology, the possibility of spanning tree loops also increases when VLAN 1 is enabled on all trunk links. To prevent this situation, you can disable VLAN 1 on trunk interfaces.

When you disable VLAN 1 on a trunk interface, no user traffic is transmitted or received across that trunk interface, but the supervisor engine will continue to transmit and receive packets from control protocols such as Cisco Discovery Protocol (CDP), VLAN Trunking Protocol (VTP), Port Aggregation Protocol (PAgP), Dynamic Trunking Protocol (DTP), and so forth.

and this is from 2960, so probably all switches works like this.

Allowed VLAN:

â€¢To reduce the risk of spanning-tree loops or storms, you can disable VLAN 1 on any individual VLAN trunk port by removing VLAN 1 from the allowed list. When you remove VLAN 1 from a trunk port, the interface continues to send and receive management traffic, for example, Cisco Discovery Protocol (CDP), Port Aggregation Protocol (PAgP), Link Aggregation Control Protocol (LACP), Dynamic Trunking Protocol (DTP), and VLAN Trunking

/Mikael

View solution in original post

vincent-n · ‎11-16-2008

I think you'll find that even though you've not defined anything in vlan1, stuff such as VTP, STP and CDP still goes through vlan 1.

a.gesse · ‎11-16-2008

Do you mean that even Vlan1 is not listed as allowed it is still there?

Or what?

Alex

mlund · ‎11-17-2008

Hi

This is taken from the cat 4000 configuration guide.

Disabling VLAN 1 on a Trunk Link

On the Catalyst enterprise LAN switches, VLAN 1 is enabled by default to allow control protocols to transmit and receive packets across the network topology. However, when VLAN 1 is enabled on trunk links in a large complex network topology, the impact of broadcast storms increases. Because spanning tree applies to the entire network topology, the possibility of spanning tree loops also increases when VLAN 1 is enabled on all trunk links. To prevent this situation, you can disable VLAN 1 on trunk interfaces.

When you disable VLAN 1 on a trunk interface, no user traffic is transmitted or received across that trunk interface, but the supervisor engine will continue to transmit and receive packets from control protocols such as Cisco Discovery Protocol (CDP), VLAN Trunking Protocol (VTP), Port Aggregation Protocol (PAgP), Dynamic Trunking Protocol (DTP), and so forth.

and this is from 2960, so probably all switches works like this.

Allowed VLAN:

â€¢To reduce the risk of spanning-tree loops or storms, you can disable VLAN 1 on any individual VLAN trunk port by removing VLAN 1 from the allowed list. When you remove VLAN 1 from a trunk port, the interface continues to send and receive management traffic, for example, Cisco Discovery Protocol (CDP), Port Aggregation Protocol (PAgP), Link Aggregation Control Protocol (LACP), Dynamic Trunking Protocol (DTP), and VLAN Trunking

/Mikael

a.gesse · ‎11-17-2008

Thank you Mikael

I was trying to find info under VTP/CDP, it is under trunks config part apparently,

answered all questions.

Alex