
Multicast layer 2 flooding and cdp/vtp

Hi All


Does anyone know why Cisco switches don't flood CDP/VTP packets on the entire broadcast domain?

In my understanding a switch should perform flooding of multicast packets out all ports, but with CDP/VTP packets it doesn't happen.

Logically it is correct but I don't understand how the device does it.

IGMP, IGMP snooping, CGMP should refer to transmission of layer 3 multicast and however.

If I search 0100.0ccc.cccc inside the multicast CAM I don't see anything, but CDP, however, works.

With L2PT a switch can flood CDP packets, but in a transparent way and without sending its own CDP packets.

Is there a range of layer 2 multicast addresses that Cisco (and/or other vendors) doesn't flood transparently?

Thank you in advance


Daniele

 

Accepted Solutions
Hall of Fame Cisco Employee

Hi Daniele,

Does anyone know why Cisco switches don't flood CDP/VTP packets on the entire broadcast domain?

This is because for Cisco devices, these protocols are neighbor-to-neighbor protocols and are not intended to be flatly received by all Cisco devices in a broadcast domain. The reason these messages are multicast is that there can be a non-Cisco device placed between two Cisco switches, and Cisco attempts to treat such interconnections simply as shared segments similar to hubs. As non-Cisco devices flood protocols such as CDP, VTP, DTP, or PVST+, these messages can get across such devices easily but will be delivered as if the Cisco devices were connected to a common hub.

In my understanding a switch should perform flooding of multicast packets out all ports, but with CDP/VTP packets it doesn't happen.

That is correct - once again, this is because CDP and VTP are neighbor-to-neighbor protocols to Cisco devices. This is not a rare occurrence, by the way. Even with standard 802.1D STP, BPDUs are multicasted, but switches that speak STP will not flood them - instead, they will process them on a port-by-port basis and each switch will forward its own BPDU it has originated itself.

Logically it is correct but I don't understand how the device does it.

It is a combination of filtering implemented in the switching matrix, and pointing the PDUs of these protocols to the CPU of the switch. Have a look at the output of the show mac address-table in your switch and check the first set of MAC address entries - learned on "all" VLANs, marked as STATIC, pointing to CPU as the forwarding port. This output is the list of group MAC addresses that are forwarded to the CPU, and that are at least considered for being un-flooded (some of them, e.g. the broadcast MAC address, are still flooded).

Best regards,
Peter
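
The lookup described in the answer above, as an added example that is not part of the original thread: it parses `show mac address-table` output, collects the "All"/STATIC/CPU group entries, and models the resulting forwarding decision. The sample table is constructed, the entries on a real switch vary by platform, and treating only the broadcast address as "still flooded" is a simplifying assumption taken from the answer's own example.

```python
import re

# Constructed sample of `show mac address-table` output (not captured from a real switch).
SAMPLE = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0180.c200.0000    STATIC      CPU
 All    ffff.ffff.ffff    STATIC      CPU
   1    0011.2233.4455    DYNAMIC     Gi0/1
"""

ROW = re.compile(
    r"^\s*(All|\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)
BROADCAST = "ffff.ffff.ffff"

def parse_table(text):
    """Split rows into CPU-punted group MACs and learned (vlan, mac) -> port entries."""
    cpu, learned = set(), {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator, or blank line
        vlan, mac, typ, port = m.group(1), m.group(2).lower(), m.group(3).upper(), m.group(4)
        if vlan.lower() == "all" and typ == "STATIC" and port.upper() == "CPU":
            cpu.add(mac)
        else:
            learned[(vlan, mac)] = port
    return cpu, learned

def is_group(mac):
    """True when the I/G bit (lowest bit of the first octet) is set."""
    return int(mac[:2], 16) & 1 == 1

def decide(dst, vlan, cpu, learned):
    """Return the simplified forwarding action for a destination MAC."""
    dst = dst.lower()
    if dst in cpu:
        # Per the answer: sent to the CPU; broadcast is one entry that is still flooded.
        return "cpu+flood" if dst == BROADCAST else "cpu-only"
    if (str(vlan), dst) in learned:
        return "forward:" + learned[(str(vlan), dst)]
    return "flood-group" if is_group(dst) else "flood-unknown-unicast"
```

Calling `decide` with an empty CPU set models a device that has no such entries: the same CDP destination address then falls through to ordinary group flooding, which is the hub-like behaviour the answer attributes to non-Cisco devices.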


Thank you very much, very complete answer!!


Hi Peter,

If the switch does not flood CDP, VTP, DTP, or PVST+ frames out all ports, can you please explain how the switch decides which ports to send CDP, VTP, DTP, or PVST+ frames out to?

 

CDP floods its advertisement frames out, but how does it know on which port(s) Cisco equipment lives? If you tell me that CDP floods its advertisements out of ports that have Cisco MAC addresses, we run into the issue of "nobody's talking to each other because they are not aware of each other's presence".
