Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1630
Views
10
Helpful
2
Replies

DTP multicast packets

Go to solution
Ahmet Mustafa Mungan
Level 1
Level 1

‎10-31-2016 07:35 AM - edited ‎03-08-2019 07:59 AM

Hi,

I have a network with 4 switches on a virtual platform. After observing with wireshark, I realized that DTP packets were not only received by neıghbour swıtches. They were also received by other switches. 

Since those packets are L2 multicast, it is normal for them to be forwarded to all switches. However, for that situation, how the receiver switches know that the multicast packet belongs to the neighbor switch or not? In other words, what is preventing a switch to have a DTP communication with a switch that is not a neighbour? In DTP packet, I couldn't find a header which makes the sortation of the swıtches' neighbourship possible. 

Kind Regards,

Ahmet Mustafa Mungan

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rolf Fischer
Level 9
Level 9

‎10-31-2016 01:46 PM

Hi,

many Cisco proprietary control protocols use the multicast MAC address 01-00-0C-CC-CC-CC, for instance CDP, VTP, DTP, PAgP and UDLD.

00-00-0C is a (unicast) MAC Address block assigned to Cisco long ago, and 01-00-0C is just the multicast version of that OUI.

When a Cisco switch receives such a frame, it will treat it as link-local control traffic without forwarding it on other ports.

However, a non-Cisco switch is normally not aware of the special meaning of such frames and consequently flood them like normal multicast. Cisco switches, on the other hand, are normally not aware of intermediate third-party switches between them and their (Cisco) neighbors; so the protocols work the same way as if the two Cisco devices were directly connected - at least as long there is only one neigbor per port. Some protocols (e.g. CDP) can handle more than one neighbor on a port, others (like PAgP) cannot. I'm not sure about DTP but I think it would be safer to disable it in such a scenario.

HTH
Rolf

View solution in original post

2 Replies 2

Go to solution
Rolf Fischer
Level 9
Level 9

‎10-31-2016 01:46 PM

Hi,

many Cisco proprietary control protocols use the multicast MAC address 01-00-0C-CC-CC-CC, for instance CDP, VTP, DTP, PAgP and UDLD.

00-00-0C is a (unicast) MAC Address block assigned to Cisco long ago, and 01-00-0C is just the multicast version of that OUI.

When a Cisco switch receives such a frame, it will treat it as link-local control traffic without forwarding it on other ports.

However, a non-Cisco switch is normally not aware of the special meaning of such frames and consequently flood them like normal multicast. Cisco switches, on the other hand, are normally not aware of intermediate third-party switches between them and their (Cisco) neighbors; so the protocols work the same way as if the two Cisco devices were directly connected - at least as long there is only one neigbor per port. Some protocols (e.g. CDP) can handle more than one neighbor on a port, others (like PAgP) cannot. I'm not sure about DTP but I think it would be safer to disable it in such a scenario.

HTH
Rolf

Go to solution
Ahmet Mustafa Mungan
Level 1
Level 1
In response to Rolf Fischer

‎10-31-2016 11:12 PM

Thank you for the great explanation Rolf.

King Regards,

Ahmet Mustafa

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card