I'm looking for a solution to create security within a VTP domain.
For example: 5 switches are sharing the same VTP domain. Switch 1 is allowed to pick up only VLAN 1 and passes all the VLANs. Switch 2 is allowed to pick up only VLAN 2 and passes all the VLANs. Is this possible based on MAC address? Are there any documents that describe how to do / configure it?
VTP is created to have all switches have a common view of the VLANs. It really is not a security thing, more of a configuration assistant. If a VLAN is in the database, a switch can assign a port to the VLAN. The best you can do is make it so that a client switch cannot define a port to a VLAN that does not exist. The other purpose is to allow broadcast traffic to be pruned off a trunk. If there are no ports on a switch, it would prune the VLAN off the trunk. I normally manually only allow VLANs on trunks where I know there are ports active, rather than turn everything on and hope it gets pruned.
I do not know a way to restrict a switch from placing ports into a VLAN that needs to pass over its trunk ports.
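The manual trunk restriction mentioned in the answer above can be checked from a saved configuration. This Python audit is an added example, not part of the original thread: it lists trunk interfaces that have no explicit `switchport trunk allowed vlan` list. The sample configuration is constructed, and only the plain list and `add` forms of the command are parsed (`all`, `none`, `remove` and `except` are not handled).

```python
import re

# Constructed sample running-config (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport trunk allowed vlan 1,2
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport trunk allowed vlan 10-12
 switchport trunk allowed vlan add 20
 switchport mode trunk
!
interface GigabitEthernet0/4
 switchport mode access
!
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,10-12' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config):
    """Map each trunk interface to its allowed VLAN set, or None if no list is set."""
    trunks, allowed, name = set(), {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name = line.split(None, 1)[1]
        elif name and line == "switchport mode trunk":
            trunks.add(name)
        elif name:
            m = re.fullmatch(r"switchport trunk allowed vlan (add )?([\d,-]+)", line)
            if m:  # 'add' extends the existing list, the plain form replaces it
                base = allowed.get(name, set()) if m.group(1) else set()
                allowed[name] = base | expand_vlans(m.group(2))
    return {n: allowed.get(n) for n in sorted(trunks)}

def unrestricted_trunks(config):
    """Trunks without an allowed list; these default to allowing all VLANs."""
    return [n for n, v in audit_trunks(config).items() if v is None]

if __name__ == "__main__":
    print(unrestricted_trunks(SAMPLE_CONFIG))
```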