[c-nsp] NATIVE_VLAN_MISMATCH
Jeff Kell
jeff-kell at utc.edu
Fri Jun 4 09:00:37 EDT 2010
On 6/4/2010 4:17 AM, Jan Gregor wrote:
> 4., with badly configured vfi you will display your entire topology to
> customer (and customer topology to all your devices, see point 2)
>
> Maybe reasons why CDP is disabled on uni ports by default? :)
>
I think the idea was, much like windows/mac/etc "plug-and-play" idiot
devices, you can plug a new Cisco switch into an existing switch, and it
automatically forms a trunk, joins the VTP domain, copies over the vlan
configuration, and allows all traffic on the trunk.
In a closed shop this might be OK, but in the real world it is rarely
the intended behavior. In the security world, it is unthinkable :-)
Jeff
More information about the cisco-nsp
mailing list