[c-nsp] NATIVE_VLAN_MISMATCH

Jeff Kell jeff-kell at utc.edu
Fri Jun 4 09:00:37 EDT 2010


On 6/4/2010 4:17 AM, Jan Gregor wrote:
> 4., with badly configured VFI you will display your entire topology to
> customer (and customer topology to all your devices, see point 2)
>
> Maybe reasons why CDP is disabled on UNI ports by default? :)
>

I think the idea was, much like Windows/Mac/etc. "plug-and-play" idiot
devices, you can plug a new Cisco switch into an existing switch, and it
automatically forms a trunk, joins the VTP domain, copies over the VLAN
configuration, and allows all traffic on the trunk.

In a closed shop this might be OK, but in the real world it is rarely
the intended behavior.  In the security world, it is unthinkable :-)

Jeff

