[c-nsp] Maximum spanning tree instances
Gert Doering
gert at greenie.muc.de
Tue Jul 14 12:05:26 EDT 2009
Hi,
On Tue, Jul 14, 2009 at 11:51:26AM -0400, Jon Lewis wrote:
> On Tue, 14 Jul 2009, Gert Doering wrote:
>
> >Yep, this is what we do. VLANs are really only created where they are
> >needed (some ranges are pre-created, others on-demand).
> >
> >"switchport trunk allowed vlan *ADD* 1234"
> >
> >is one of our favourites, tho... :-)
>
> I've been reluctant to roll that out on all the trunks due to the damage
> that could be caused if someone got careless and dropped the 'add' while
> adding a new VLAN to a trunk.

Yes :(

For most trunks, we use pre-configured ranges ("vlan 100-999 go to
dist switch 1, 1000-1499 to dist switch 2, 1500-1999 to dist switch 3"),
but occasionally we need to do an odd one - and indeed, mistakes happen.

Mmmmh. If one does TACACS command authentication, one could investigate
whether disallowing the "without-add/-delete" form of the command via
TACACS works...

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
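
The check suggested in the message above, modelled as an added example (not part of the original message, and not a configuration for any particular TACACS+ server): a first-match permit/deny rule list that allows the incremental `add`/`remove` forms of `switchport trunk allowed vlan` and denies every form that replaces the whole allowed list. The rule set, the function names and the handling of a trailing `<cr>` argument are assumptions made for this example.

```python
import re

# Ordered, first-match rules for the arguments of "switchport", modelled on
# the permit/deny regex lists used in TACACS+ command authorization.
# Hypothetical policy, constructed for this example.
SWITCHPORT_RULES = [
    # Incremental edits to the allowed list (IOS keywords: add, remove).
    ("permit", re.compile(
        r"trunk allowed vlan (add|remove) \d+(-\d+)?(,\d+(-\d+)?)*")),
    # Every other "allowed vlan" form (bare list, all, none, except, or an
    # incomplete add/remove) replaces the whole list or is malformed.
    ("deny", re.compile(r"trunk allowed vlan( .*)?")),
    # Other switchport subcommands are not restricted by this policy.
    ("permit", re.compile(r".*")),
]


def normalise(command):
    """Lower-case, collapse whitespace, drop a trailing <cr> marker
    (assumed here to be appended to the argument list by the device)."""
    words = command.lower().split()
    if words and words[-1] == "<cr>":
        words.pop()
    return words


def authorize(command):
    """Return 'permit' or 'deny' for one configuration command line."""
    words = normalise(command)
    if not words or words[0] != "switchport":
        return "permit"  # only "switchport" is policed in this example
    args = " ".join(words[1:])
    for action, pattern in SWITCHPORT_RULES:
        if pattern.fullmatch(args):
            return action
    return "deny"  # unreachable with the catch-all rule; fail closed anyway


# Constructed sample commands, not taken from a real device.
SAMPLES = [
    "switchport trunk allowed vlan add 1234",
    "switchport trunk allowed vlan 1234",
    "switchport trunk allowed vlan remove 100-110,200 <cr>",
    "switchport mode trunk",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{authorize(line):6}  {line}")
```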