Cisco Support Community

VTP Authentication

Hi There

I'm looking for a solution to create security within a VTP domain.

For example: 5 switches are sharing the same VTP domain. Switch 1 is allowed to pick up only VLAN 1 and passes all the VLANs. Switch 2 is allowed to pick up only VLAN 2 and passes all the VLANs. Is this possible based on MAC address? Are there any documents that describe how to do / configure it?

Gr.

Remco


Re: VTP Authentication

VTP is created to have all switches have a common view of the VLANs. It really is not a security thing; it is more of a configuration assistant. If a VLAN is in the database, a switch can assign a port to the VLAN. The best you can do is make it so that a client switch cannot define a port to a VLAN that does not exist. The other purpose is to allow broadcast traffic to be pruned off a trunk. If there are no ports on a switch, it would prune the VLAN off the trunk. I normally manually only allow VLANs on trunks where I know there are ports active, rather than turn everything on and hope it gets pruned.

I do not know a way to restrict a switch from placing ports into a VLAN that needs to pass over its trunk ports.
