Cisco Support Community
Community Member

Block control plane traffic on switch ports

Hello,

Is there any way to completely isolate one vlan, one group of machines, from the rest of the networks, even at the level of control plane traffic that flows through vlan1 (cdp, pagp, vtp...)?

I know that pruning we just STP block data/user traffic. What about the control traffic?

Thanks,

Met.

3 REPLIES
Hall of Fame Super Blue

Re: Block control plane traffic on switch ports

Met

Not entirely sure I follow what you are asking. If you want to isolate one vlan, just make sure:

1) It is not vlan 1, because vlan 1 is always used for CDP/VTP/PAgP

2) It is not the native vlan as DTP uses this on an 802.1q trunk

3) The vlan you do choose should not have a layer 3 SVI on any switch.

4) If the vlan has ports on multiple switches and you don't want STP going across the links you will need to disable STP for that vlan but you really need to make sure that you have no loops for this vlan in your network.

Pruning would be fine but only if all the ports for your isolated vlan existed on just one switch.

Jon
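
The four checks in the reply above can be run against a saved running-config. This is an added example, not part of the original thread or any Cisco tool: the function names and the sample config are constructed, and it assumes trunks are configured statically with `switchport mode trunk` (DTP-negotiated trunks are not detected).

```python
import re

# Constructed sample running-config (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 30
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface Vlan30
 ip address 10.0.30.1 255.255.255.0
!
no spanning-tree vlan 30
"""

def interfaces(config):
    """Split a running-config into {interface name: [sub-command lines]}."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks

def audit_isolated_vlan(config, vlan):
    """Return findings for the four isolation checks (hypothetical helper)."""
    findings = []
    if vlan == 1:
        findings.append("vlan 1 always carries CDP/VTP/PAgP")
    for name, lines in interfaces(config).items():
        if name.lower() == f"vlan{vlan}":
            findings.append(f"{name}: layer 3 SVI exists")
        if "switchport mode trunk" not in lines:
            continue
        native = 1  # IOS default when no native vlan is configured
        for cmd in lines:
            m = re.fullmatch(r"switchport trunk native vlan (\d+)", cmd)
            native = int(m.group(1)) if m else native
        if native == vlan:
            findings.append(f"{name}: native vlan on an 802.1q trunk")
    if re.search(rf"^no spanning-tree vlan {vlan}$", config, re.M):
        findings.append("STP disabled: confirm the vlan is loop-free")
    return findings
```

An empty list means none of the four conditions was found in that switch's config; run it per switch, since the SVI and native-vlan checks apply to every switch that carries the vlan.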

Community Member

Re: Block control plane traffic on switch ports

I want to be sure that no vlan1 user traffic will pass over the trunk.

Two machines separated by the trunk, in vlan1, won't talk?

right?

Thanks!

Met

Community Member

Re: Block control plane traffic on switch ports

Thanks.

No more questions.

Regards,

Met.
