[c-nsp] Security question regarding VTP in a L2 shared environment

Steve Bertrand steve at ibctech.ca
Fri Feb 20 22:28:49 EST 2009


I have a shared L2 environment with a local company, in which we have
numerous VLANs over fibre. I'm in the process of moving to transparent
on all of my switches, and during the work, I'm checking things out.

Doing a "sh vlan" produces output that includes VLANs that I shouldn't see:

230   xxxOFFICExxx                     active
240   xxxSECURITYxxx                   active
250   xxxDMZx                          active

...etc.

The VLANs shown above belong to the network that I am connected to. They
are completely outside of my security boundary.

Hypothetically, if there is no L2 or L3 security in place, would it be
as simple as creating a "sw acc vlan 230", and allowing 230 on the trunk
port on my switch to start scoping about at the other end?

Of course I am not going to do anything of the sort, which is why I am
asking here. I'm sure I know the answer already, but if I don't get any
feedback from the list, I'm going to lab it up internally and do some
educational testing for my own knowledge.

Steve
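A defender's audit matching the situation above, added here and not part of the original post or of anything from the list: it parses "show vlan brief" and "show vtp status" text, flags VLANs that are not ours and were pushed in by VTP, and flags a VTP mode that still accepts advertisements. The sample output is constructed to mirror the post, and the OWN_VLANS set and the IOS output layout are assumptions.

```python
import re

# Added example, not from the post. Sample output below is constructed to
# mirror the post's "sh vlan" (our VLANs 10/20, neighbour's 230/240/250).
SHOW_VLAN = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2
10   xxxUSERSxxx                      active    Fa0/3
20   xxxSERVERSxxx                    active    Fa0/4
230  xxxOFFICExxx                     active
240  xxxSECURITYxxx                   active
250  xxxDMZx                          active
1002 fddi-default                     act/unsup
"""
SHOW_VTP = """\
VTP Domain Name                 : SHARED
VTP Operating Mode              : Client
"""

OWN_VLANS = {10, 20}                         # VLANs this site actually owns (assumed)
BUILTIN_VLANS = {1, 1002, 1003, 1004, 1005}  # always present on IOS
VLAN_LINE = re.compile(r"^(\d{1,4})\s+(\S+)\s+(\S+)")

def parse_show_vlan(text):
    """Return {vlan_id: name} for each VLAN row; header/separator lines don't match."""
    rows = (VLAN_LINE.match(line) for line in text.splitlines())
    return {int(m.group(1)): m.group(2) for m in rows if m}

def foreign_vlans(text, own=OWN_VLANS):
    """VLANs in the local database that are neither ours nor IOS built-ins."""
    return sorted((vid, name) for vid, name in parse_show_vlan(text).items()
                  if vid not in own and vid not in BUILTIN_VLANS)

def vtp_mode(text):
    """Operating mode from 'show vtp status', lower-cased; None if absent."""
    m = re.search(r"VTP Operating Mode\s*:\s*(\w+)", text)
    return m.group(1).lower() if m else None

def audit(show_vlan=SHOW_VLAN, show_vtp=SHOW_VTP):
    """Flag leaked VLANs and a VTP mode that still accepts advertisements."""
    findings = [f"VLAN {vid} ({name}) is not ours" for vid, name in foreign_vlans(show_vlan)]
    mode = vtp_mode(show_vtp)
    if mode not in ("transparent", "off"):
        findings.append(f"VTP mode is {mode!r}; expected transparent or off")
    return findings
```

Run audit() against real "show vlan brief" / "show vtp status" captures before and after the move to transparent mode; the foreign VLANs remain in the database until they are deleted locally, so the VLAN findings are expected to persist until that cleanup.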

