[c-nsp] Blocking VTP
Phil Mayers
p.mayers at imperial.ac.uk
Wed Apr 23 05:56:31 EDT 2008
Skeeve Stevens wrote:
> I can't believe there isn't:
I'm sorry to say whether you believe it or not has little to do with the
reality of the situation. To the best of my (by no means encyclopaedic)
knowledge, there is no such thing.
In any event, Tassos has already suggested:
1) make the port an access port
2) block 01-00-0C-CC-CC-CC (used by CDP too)
3) use transparent vtp v1 & different domain
4) block vlan 1 (although actually that's not possible)
Have you tried those? It seems like number 2 in a MAC ACL ought to be
pretty bulletproof.
More information about the cisco-nsp
mailing list