[c-nsp] Blocking VTP
Ross Vandegrift
ross at kallisti.us
Wed Apr 23 11:41:18 EDT 2008
On Wed, Apr 23, 2008 at 01:55:54PM +0800, Daniel Hooper wrote:
> I work for a company with the exact same problem, we interconnect with a
> bucketload of other carriers & providers with dot1q trunks and I haven't
> been able to find a way to block VTP on those ports, the worst bit is I
> really need to start running VTP across our network as we've got far to
> many VLAN's and way to many switches to be logging into to provision a
> new customer or VLAN but there is no way I'm turning it on without being
> able to block rogue VTP packets on our edge ports.
>
> Is their somewhere we can lodge this as a feature request?
Even if you're not using VTP, you can still use Cisco's VTP MIB to
create and change VLAN config via SNMP.
The VTP MIB isn't too bad to work with once you get familiar with it,
and unlike other vendors' VLANs-via-SNMP, it actually does work.
--
Ross Vandegrift
ross at kallisti.us
"The good Christian should beware of mathematicians, and all those who
make empty prophecies. The danger already exists that the mathematicians
have made a covenant with the devil to darken the spirit and to confine
man in the bonds of Hell."
--St. Augustine, De Genesi ad Litteram, Book II, xviii, 37
More information about the cisco-nsp
mailing list