10-31-2016 07:35 AM - edited 03-08-2019 07:59 AM
Hi,
I have a network with 4 switches on a virtual platform. After observing with Wireshark, I realized that DTP packets were not only received by neighbour switches. They were also received by other switches.
Since those packets are L2 multicast, it is normal for them to be forwarded to all switches. However, in that situation, how do the receiving switches know whether the multicast packet belongs to a neighbour switch or not? In other words, what is preventing a switch from having DTP communication with a switch that is not a neighbour? In the DTP packet, I couldn't find a header which makes sorting out the switches' neighbourship possible.
Kind Regards,
Ahmet Mustafa Mungan
10-31-2016 01:46 PM
Hi,
many Cisco proprietary control protocols use the multicast MAC address 01-00-0C-CC-CC-CC, for instance CDP, VTP, DTP, PAgP and UDLD.
00-00-0C is a (unicast) MAC Address block assigned to Cisco long ago, and 01-00-0C is just the multicast version of that OUI.
When a Cisco switch receives such a frame, it will treat it as link-local control traffic without forwarding it on other ports.
However, a non-Cisco switch is normally not aware of the special meaning of such frames and consequently floods them like normal multicast. Cisco switches, on the other hand, are normally not aware of intermediate third-party switches between them and their (Cisco) neighbors; so the protocols work the same way as if the two Cisco devices were directly connected - at least as long as there is only one neighbor per port. Some protocols (e.g. CDP) can handle more than one neighbor on a port, others (like PAgP) cannot. I'm not sure about DTP but I think it would be safer to disable it in such a scenario.
HTH
Rolf
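To make the mechanism in Rolf's answer concrete, here is an added example (not code from the original thread) that parses a frame the way the two kinds of switch would see it: it checks whether the destination is the Cisco control multicast 01-00-0C-CC-CC-CC, verifies that this OUI is the unicast block 00-00-0C with the I/G bit set, reads the LLC/SNAP header to tell DTP apart from CDP, VTP, PAgP and UDLD, walks the DTP TLVs, and then shows the forwarding decision of a Cisco switch (consume, never flood) next to that of a switch that does not know the address (flood like any multicast). The DTP frame, the port names and the SNAP PID table are constructed for the example; the Type TLV is left undecoded.

```python
"""Classify Ethernet frames as a Cisco switch and a third-party switch would,
and walk DTP TLVs. All sample frames are constructed inline (not captures)."""
import struct

CISCO_OUI = bytes.fromhex("00000c")             # unicast OUI block assigned to Cisco
CISCO_CTRL_MAC = bytes.fromhex("01000ccccccc")  # multicast dst used by CDP/VTP/DTP/PAgP/UDLD
LLC_SNAP = b"\xaa\xaa\x03"                      # DSAP/SSAP = SNAP, control = UI
# SNAP protocol IDs under the Cisco OUI, as shown by Wireshark's SNAP dissector
CISCO_SNAP_PIDS = {0x2000: "CDP", 0x2003: "VTP", 0x2004: "DTP", 0x0104: "PAgP", 0x0111: "UDLD"}
DTP_TLV_NAMES = {1: "Domain", 2: "Status", 3: "Type", 4: "Sender ID"}
DTP_TAS = {1: "on", 2: "off", 3: "desirable", 4: "auto"}  # low 3 bits of the Status byte


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def is_multicast_form_of(dst_mac, unicast_oui):
    """True if dst's OUI equals unicast_oui with the I/G bit (bit 0 of octet 0) set."""
    return dst_mac[0] == (unicast_oui[0] | 0x01) and dst_mac[1:3] == unicast_oui[1:3]


def classify_frame(frame):
    """Describe dst/src, whether dst is the Cisco control multicast, and the protocol."""
    dst, src = frame[0:6], frame[6:12]
    (length_or_type,) = struct.unpack("!H", frame[12:14])
    info = {"dst": mac_str(dst), "src": mac_str(src),
            "cisco_control": dst == CISCO_CTRL_MAC, "protocol": None, "payload": b""}
    if length_or_type > 1500:                     # Ethernet II EtherType, not 802.3/LLC
        info["protocol"] = f"ethertype 0x{length_or_type:04x}"
        return info
    body = frame[14:14 + length_or_type]
    if body[:3] != LLC_SNAP:
        info["protocol"] = "LLC (non-SNAP)"
        return info
    oui, (pid,) = body[3:6], struct.unpack("!H", body[6:8])
    if oui == CISCO_OUI:
        info["protocol"] = CISCO_SNAP_PIDS.get(pid, f"Cisco PID 0x{pid:04x}")
    else:
        info["protocol"] = f"SNAP OUI {oui.hex()} PID 0x{pid:04x}"
    info["payload"] = body[8:]
    return info


def parse_dtp(payload):
    """Walk DTP TLVs: 1-byte version, then (type, length incl. 4-byte header, value)."""
    version, off, tlvs = payload[0], 1, {}
    while off + 4 <= len(payload):
        t, l = struct.unpack("!HH", payload[off:off + 4])
        if l < 4:
            break                                 # malformed length, stop rather than loop
        value = payload[off + 4:off + l]
        name = DTP_TLV_NAMES.get(t, f"TLV {t}")
        if t == 1:
            tlvs[name] = value.rstrip(b"\x00").decode(errors="replace")
        elif t == 2:
            tlvs[name] = {"admin": DTP_TAS.get(value[0] & 0x07, "?"), "trunk": bool(value[0] & 0x80)}
        elif t == 4:
            tlvs[name] = mac_str(value)           # the sending switch's MAC
        else:
            tlvs[name] = value.hex()              # Type TLV left raw in this example
        off += l
    return {"version": version, "tlvs": tlvs}


def egress_ports(frame, ingress, ports, cisco_aware):
    """Ports a switch forwards the frame to. A Cisco switch consumes its own control
    multicast; a switch unaware of it floods like any multicast (MAC learning ignored)."""
    if cisco_aware and frame[0:6] == CISCO_CTRL_MAC:
        return []
    return [p for p in ports if p != ingress]


def build_dtp_frame(src_mac, domain=b"", status=0x03):
    """Construct a sample DTP frame: Domain, Status, Type and Sender ID TLVs."""
    def tlv(t, v):
        return struct.pack("!HH", t, 4 + len(v)) + v
    payload = (b"\x01" + tlv(1, domain + b"\x00") + tlv(2, bytes([status]))
               + tlv(3, b"\xa5") + tlv(4, src_mac))   # Type value is a placeholder
    body = LLC_SNAP + CISCO_OUI + struct.pack("!H", 0x2004) + payload
    return CISCO_CTRL_MAC + src_mac + struct.pack("!H", len(body)) + body


if __name__ == "__main__":
    f = build_dtp_frame(bytes.fromhex("001122334455"))
    i = classify_frame(f)
    print(i["protocol"], parse_dtp(i["payload"]))
    ports = ["Gi1/0/1", "Gi1/0/2", "Gi1/0/3"]
    print("cisco:", egress_ports(f, "Gi1/0/1", ports, True),
          "third-party:", egress_ports(f, "Gi1/0/1", ports, False))
```

The `cisco_aware=False` branch is the situation in the question: the virtual platform in the middle floods the frame, so every Cisco switch on that segment receives a DTP frame from a switch that is not its direct neighbor and, as Rolf notes, has no way to tell. Ports that should never negotiate a trunk are best pinned with `switchport mode access` and `switchport nonegotiate` on IOS, which stops DTP from being sent or acted on regardless of what arrives.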
10-31-2016 11:12 PM
Thank you for the great explanation Rolf.
Kind Regards,
Ahmet Mustafa