[c-nsp] Blocking VTP
Skeeve Stevens
skeeve at skeeve.org
Wed Apr 23 03:33:00 EDT 2008
I can't believe there isn't:
int blah0/0
vtp block in/out
...Skeeve
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Gert Doering
Sent: Wednesday, 23 April 2008 5:16 PM
To: Daniel Hooper
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Blocking VTP
Hi,
On Wed, Apr 23, 2008 at 01:55:54PM +0800, Daniel Hooper wrote:
> ... I
> really need to start running VTP across our network as we've got far to
> many VLAN's and way to many switches to be logging into to provision a
> new customer or VLAN ...
Don't use VTP.
We run a medium-sized data center with a huge bunch of switches and
about 300 active VLANs.
With some advance planning ("which trunks need what ranges of VLANs
pre-configured? which VLANs need to be pre-configured on what boxes?")
and documentation ("what needs to be done to set up X"), this is quite
manageable. Usually, a new VLAN does not need touching more than 3 boxes,
and that's way better than a single VTP accident.
Been there, seen the smoking wreck...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
gert at greenie.muc.de
fax: +49-89-35655025
gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp
mailing list