[c-nsp] Blocking VTP

Brian Turnbow b.turnbow at twt.it
Wed Apr 23 07:27:33 EDT 2008


There was "set vtp port x/x disable" in CatOS, at least for 6500s.
I don't think it ever worked its way into IOS though.

Number 2 will do the job for you.


Brian





-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Phil Mayers
Sent: Wednesday, April 23, 2008 11:57 AM
To: skeeve at skeeve.org
Cc: 'Gert Doering'; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Blocking VTP

Skeeve Stevens wrote:
> I can't believe there isn't:

I'm sorry to say whether you believe it or not has little to do with the
reality of the situation. To the best of my (by no means encyclopaedic)
knowledge, there is no such thing.

In any event, Tassos has already suggested:

1) make the port an access port
2) block 01-00-0C-CC-CC-CC (used by CDP too)
3) use transparent vtp v1 & different domain
4) block vlan 1 (although actually that's not possible)

Have you tried those? It seems like number 2 in a MAC ACL ought to be 
pretty bulletproof.
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
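
Added example, not part of the original thread: a small frame classifier showing what a destination-MAC deny on 01-00-0C-CC-CC-CC (option 2) actually drops, since that address is shared by VTP, CDP and other Cisco Layer 2 protocols. The SNAP protocol IDs are Cisco's well-known assignments and do not appear in the thread; the sample frames, the source MAC and all function names are constructed for illustration.

```python
import struct
from collections import Counter

CISCO_L2_MCAST = bytes.fromhex("01000ccccccc")   # 01-00-0C-CC-CC-CC from the thread
CISCO_OUI = bytes.fromhex("00000c")
# Cisco SNAP protocol IDs carried on that destination address (not from the thread)
SNAP_PIDS = {0x2000: "CDP", 0x2003: "VTP", 0x2004: "DTP", 0x0104: "PAgP", 0x0111: "UDLD"}

def classify(frame: bytes):
    """Name the Cisco SNAP protocol in an 802.3 frame, or None if it is not one."""
    off = 12
    if frame[off:off + 2] == b"\x81\x00":        # skip an 802.1Q tag if present
        off += 4
    if len(frame) < off + 10:
        return None
    (length,) = struct.unpack_from("!H", frame, off)
    llc, oui = frame[off + 2:off + 5], frame[off + 5:off + 8]
    if length > 1500 or llc != b"\xaa\xaa\x03" or oui != CISCO_OUI:
        return None
    (pid,) = struct.unpack_from("!H", frame, off + 8)
    return SNAP_PIDS.get(pid, f"other-0x{pid:04x}")

def dropped_by_mac_acl(frame: bytes) -> bool:
    """Option 2: a MAC ACL denying destination 01-00-0C-CC-CC-CC."""
    return frame[:6] == CISCO_L2_MCAST

def acl_impact(frames):
    """Count, per protocol, the frames the destination-MAC deny would drop."""
    return Counter(classify(f) for f in frames if dropped_by_mac_acl(f))

def make_frame(pid, dst=CISCO_L2_MCAST, tagged=False):
    """Build a constructed sample frame (dummy source MAC and payload)."""
    payload = b"\xaa\xaa\x03" + CISCO_OUI + struct.pack("!H", pid) + b"\x00" * 38
    tag = b"\x81\x00\x00\x01" if tagged else b""
    src = bytes.fromhex("020000000001")
    return dst + src + tag + struct.pack("!H", len(payload)) + payload

# Constructed samples: VTP, tagged VTP, CDP, DTP, and a PVST+ BPDU (different MAC)
SAMPLES = [make_frame(0x2003), make_frame(0x2003, tagged=True), make_frame(0x2000),
           make_frame(0x2004), make_frame(0x010B, dst=bytes.fromhex("01000ccccccd"))]

if __name__ == "__main__":
    for proto, n in acl_impact(SAMPLES).items():
        print(f"dropped: {proto} x{n}")
```

The PVST+ sample goes to 01-00-0C-CC-CC-CD and so passes the filter, while CDP and DTP are dropped along with VTP.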