[c-nsp] purposefully mismatching native vlans
Andrew Fort
afort at choqolat.org
Thu Dec 22 16:08:52 EST 2005
Mark Brochu wrote:
> I feel that disabling spanning tree on that vlan is justifiable. I can
> also prevent the log spam by disabling cdp v2 on the other ends. I'm
> wondering if there are any other possible caveats I may run into.
> Looking forward to your input!
>
> Mark Brochu
> Network Analyst
> University of Hartford
>
This hack has worked for me in the past, though I last used it on malbiu
2924 switches. Simple rule: Avoid loops. The main problem you'll get
if someone closes a loop: CAM tables that see both "1" and "1841" will
think they're different VLANs and will happily populate the same MAC
address, on different ports, in those "different" VLANs, so you won't
even get detection of "mac moves" if your hardware supports that and
you'd configured it.

VLAN translation is available on some kit (may be worth looking at
vendors other than Cisco here for a point solution linking these two
networks), so given the likelihood of a loop being formed and how much
you'd like to not have your ops staff's days ruined, perhaps this is
worth considering further.
-andrew
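
The following is an added example, not part of the message above: a small Python model of per-VLAN MAC learning showing why a loop across the mismatched native VLANs 1 and 1841 raises no "MAC move" event, plus a cross-VLAN audit that does catch it. The MAC address, port names and function names are constructed for illustration.

```python
from collections import defaultdict

BRIDGED = {1, 1841}            # VLAN IDs joined by the native VLAN mismatch
MAC = "0011.2233.4455"         # constructed sample address

class Cam:
    """Per-VLAN learning: the table key is (vlan, mac), not mac alone."""
    def __init__(self):
        self.table = {}
        self.moves = []        # (vlan, mac, old_port, new_port)

    def learn(self, vlan, mac, port):
        key = (vlan, mac)
        old = self.table.get(key)
        if old is not None and old != port:
            self.moves.append((vlan, mac, old, port))   # classic MAC-move detection
        self.table[key] = port

def run(frames):
    """Feed (vlan, mac, ingress_port) tuples through a fresh CAM."""
    cam = Cam()
    for vlan, mac, port in frames:
        cam.learn(vlan, mac, port)
    return cam

def cross_vlan_duplicates(table, bridged):
    """Find MACs learned on different ports in VLANs that are really one L2 domain."""
    seen = defaultdict(set)
    for (vlan, mac), port in table.items():
        if vlan in bridged:
            seen[mac].add((vlan, port))
    return {mac: sorted(entries) for mac, entries in seen.items()
            if len({v for v, _ in entries}) > 1 and len({p for _, p in entries}) > 1}

# Constructed traffic: the same host frame arrives in VLAN 1841 on one port and,
# via the closed loop, untagged into VLAN 1 on another port.
LOOP_ACROSS_MISMATCH = [(1841, MAC, "Fa0/1"), (1, MAC, "Fa0/24")]
# For comparison: the same loop inside a single VLAN.
LOOP_SAME_VLAN = [(1841, MAC, "Fa0/1"), (1841, MAC, "Fa0/24")]

if __name__ == "__main__":
    for name, frames in (("mismatch", LOOP_ACROSS_MISMATCH), ("same vlan", LOOP_SAME_VLAN)):
        cam = run(frames)
        print(name, "moves:", cam.moves,
              "cross-vlan:", cross_vlan_duplicates(cam.table, BRIDGED))
```
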