Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6317
Views
11
Helpful
7
Replies

How Control traffic of VTP, CDP, etc are sent though trunks ???

smitesh kharecha
Level 5
Level 5

‎06-08-2012 12:23 AM - edited ‎03-07-2019 07:08 AM

Hi All,

I was doing some R&D and came to a rude shock...

I would like to share my experience and expect experts to shed some light...

I made a simple topology of connection two switches and making connectivity as trunk.

Then I made one switch VTP server and another as VTP client.

I also setup RSPAN to monitor the packets...

Results, I saw VTP, CDP traffic marked with VLAN ID 1...

Then, I made another vlan and disallowed Vlan 1 in the trunk...

Results still the same....

I thought it might be that traffic might be sent untagged as native vlan, so then i changed the native vlan on both switches, expecting

that either VTP, CDP will fail OR it will be marked as VLAN ID of new native vlan...

However, to my surprise it was still showing as VLAN ID 1....

I'm baffeled and confused on this type of behaviour where Vlan 1 is NOT allowed in trunk and also native vlan has been changed, still VTP and CDP control traffic is shown as sourced from Vlan 1....

Experts, please shed some light...

Regards,

Smitesh

Labels:
0 Helpful
7 Replies 7

lgijssel
Level 9
Level 9

‎06-08-2012 12:49 AM

Cisco has defined vlan1 as the transport vlan for vtp. This is why it cannot be pruned.

CDP is always on when not disabled.

You can disable cdp either per port or for the whole switch.

regards,

Leo

smitesh kharecha
Level 5
Level 5
In response to lgijssel

‎06-08-2012 12:55 AM

Hi Leo,

But I was able to prune Vlan 1...

as in the above experiment ( which I forgot to mention ), I also put some host in Vlan 1 and they were not able to communicated which host in Vlan 1 on another switch; since Vlan 1 was not allowed on trunk...

Regards,

Smitesh

0 Helpful

flokki123
Level 3
Level 3
In response to smitesh kharecha

‎06-08-2012 02:07 AM

hi,

even if you prune vlan1 from the trunk some data is still able to use vlan1 for managemant purposes, including vtp, dtp, stp cdp.

these protocols always use vlan1 for communication.

its acutally a cisco best practice to not use vlan1 for data communication and also prune it for security reasons.

but still some protocols, like mentioned above, can use it and are also able to use the trunk even if vlan1 is pruned.

hope this helps.

acampbell
VIP Alumni
VIP Alumni
In response to flokki123

‎06-08-2012 03:44 AM

Smitesh,

The guys are right about VLAN 1

Have a wee look at this link

http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/vlnwp_wp.pdf

Look at the section re Precautions VLAN 1

Regards,
Alex.
Please rate useful posts.

Regards, Alex. Please rate useful posts.

smitesh kharecha
Level 5
Level 5
In response to acampbell

‎06-08-2012 08:33 AM

Thanks to all...

Since, I saw that Vlan 1 is all those packet, I'm know that vlan 1 is somehow able to transverse the trunk despite pruning on trunk.

However, I posted this here to have some technical explanation... something like someone explaning how the packet is send on vlan 1 despite it pruning on trunk.

PS: Idea is not to offend anyone, just a more digging into the subject....

Regards,

Smitesh

0 Helpful

smitesh kharecha
Level 5
Level 5
In response to smitesh kharecha

‎06-12-2012 01:23 AM

Can somebody shed some light on how actually it is working... As i know that it is work, so question is not whether should work or not work... But how actually it is working...

Regards,

Smitesh

0 Helpful

milan.kulik
Level 10
Level 10
In response to smitesh kharecha

‎06-12-2012 06:29 AM

Hi,

read this:

http://www.cisco.com/en/US/customer/products/hw/switches/ps708/products_white_paper09186a00801b49a4.shtml#pre6

There exist also an older version of this document for CatOS switches.

HTH,

Milan

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card