[c-nsp] VTP

Manu Chao linux.yahoo at gmail.com
Fri Mar 17 19:06:46 EST 2006


Suppose customers are connected to a Cisco Catalyst.

In terms of security, they easily discover your VTP domain and potentially
(password hacking) can destroy your network by erasing all VLANs :)

In fact, an easy workaround is to change the native VLAN and not forward
it to customers.

That's it :)

On 3/9/06, Scott Altman <staltman at gmail.com> wrote:
>
> I will cover my tracks and say it probably depends on versions, though
> most that I've seen in the CatOS and CatIOS flavors have it enabled by
> default with the variation being whether it's set to Transparent or
> not.
>
> In the latest version of CatOS I just looked at, you can't configure
> it per port and I'm curious as to why you'd want to.  Best Practices
> suggests running Transparent everywhere and manually trunking the VLANs
> you want to go places.  Makes it more deterministic and decreases
> "start-time" as links come up as you don't need to negotiate what
> vlans are allowed, pruned, etc.
>
> - Scott
>
> On 3/9/06, Manu Chao <linux.yahoo at gmail.com> wrote:
> > VTP is enabled or disabled by default globally on a Catalyst.
> >
> > Is it possible to enable/disable VTP on a per port basis?
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
>
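
An added example, not part of the thread: a small audit that checks a saved IOS-style configuration for the two settings discussed above, VTP in transparent mode and a native VLAN that is not carried on customer-facing trunks. The sample configuration is constructed, and identifying customer ports by a `description CUST` prefix is an assumed convention.

```python
import re

# Constructed sample of an IOS-style running-config (not from the thread).
SAMPLE = """\
vtp mode transparent
!
interface GigabitEthernet0/1
 description CUST-A
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20-25
!
interface GigabitEthernet0/2
 description CUST-B
 switchport mode trunk
 switchport trunk allowed vlan 1,30
!
interface GigabitEthernet0/3
 description CUST-C
 switchport mode trunk
 switchport trunk native vlan 998
"""

def expand(vlans):
    """Expand a VLAN list such as '10,20-25' into a set of VLAN ids."""
    out = set()
    for part in vlans.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config, tag="CUST"):
    """Return findings for the VTP mode and for trunks whose description starts with `tag` (assumed convention)."""
    findings = []
    if not re.search(r"^vtp mode transparent\s*$", config, re.M):
        findings.append("global: VTP not in transparent mode")
    # Split into one block per interface; the first chunk is the global section.
    for block in re.split(r"^(?=interface )", config, flags=re.M)[1:]:
        name = block.split()[1]
        if f"description {tag}" not in block or "switchport mode trunk" not in block:
            continue
        native = re.search(r"trunk native vlan (\d+)", block)
        allowed = re.search(r"trunk allowed vlan ([\d,-]+)", block)
        native_id = int(native.group(1)) if native else 1  # default native VLAN is 1
        # With no allowed-vlan line, the trunk carries every VLAN.
        allowed_ids = expand(allowed.group(1)) if allowed else set(range(1, 4095))
        if native_id in allowed_ids:
            findings.append(f"{name}: native VLAN {native_id} is carried on this trunk")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

The second and third sample ports are flagged: one leaves the native VLAN at its default and allows it, the other changes the native VLAN but never restricts the allowed list.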

