[c-nsp] NATIVE_VLAN_MISMATCH

Greg Wendel gwendel at gmail.com
Fri Jun 4 22:44:01 EDT 2010


Jeremy over at Packetlife has a really good article on ways to make a switch
invisible.

http://packetlife.net/blog/2010/apr/15/invisible-catalyst-switch/

On Fri, Jun 4, 2010 at 9:00 AM, Jeff Kell <jeff-kell at utc.edu> wrote:

> On 6/4/2010 4:17 AM, Jan Gregor wrote:
> > 4., with badly configured vfi you will display your entire topology to
> > customer (and customer topology to all your devices, see point 2)
> >
> > Maybe reasons why CDP is disabled on uni ports by default? :)
> >
>
> I think the idea was, much like windows/mac/etc "plug-and-play" idiot
> devices, you can plug a new Cisco switch into an existing switch, and it
> automatically forms a trunk, joins the VTP domain, copies over the vlan
> configuration, and allows all traffic on the trunk.
>
> In a closed shop this might be OK, but in the real world it is rarely
> the intended behavior.  In the security world, it is unthinkable :-)
>
> Jeff



-- 
Gregory Wendel
Springfield VA, 22153
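
Added example, not part of the original message or the linked article: a small Python audit of the settings behind the behaviour discussed in this thread (ports left to negotiate a trunk via DTP, VTP participation, CDP advertising). The function name `audit`, the finding strings and the sample configuration are constructed for illustration. It assumes that a port with no explicit `switchport mode access` or `switchport mode trunk` line is running a dynamic mode, which is a platform default that varies by model.

```python
import re

# Constructed sample running-config for illustration (not from a real device).
SAMPLE_CONFIG = """\
vtp mode transparent
!
interface GigabitEthernet0/1
 switchport mode access
 switchport nonegotiate
 no cdp enable
!
interface GigabitEthernet0/2
 description unhardened edge port
!
interface GigabitEthernet0/3
 switchport mode dynamic desirable
 no cdp enable
!
interface GigabitEthernet0/4
 no switchport
 no cdp enable
!
"""

DTP_DYNAMIC = "no static switchport mode: DTP may negotiate a trunk"
DTP_ON = "switchport nonegotiate not set"
CDP_ON = "CDP not disabled"
VTP_ON = "VTP mode is not transparent or off"

def audit(config):
    """Map 'global' or an interface name to its list of findings."""
    findings = {}
    top = [l.strip() for l in config.splitlines() if not l.startswith(" ")]
    if not any(l in ("vtp mode transparent", "vtp mode off") for l in top):
        findings["global"] = [VTP_ON]
    cdp_off_globally = "no cdp run" in top
    # An interface stanza is the header plus the indented lines that follow it.
    for m in re.finditer(r"^interface (\S+)\n((?: .*\n)*)", config, re.M):
        body = [l.strip() for l in m.group(2).splitlines()]
        issues = []
        if "no switchport" not in body:  # routed ports do not run DTP
            # Assumption: no explicit static mode means a dynamic default.
            if not {"switchport mode access", "switchport mode trunk"} & set(body):
                issues.append(DTP_DYNAMIC)
            elif "switchport nonegotiate" not in body:
                issues.append(DTP_ON)
        if not cdp_off_globally and "no cdp enable" not in body:
            issues.append(CDP_ON)
        if issues:
            findings[m.group(1)] = issues
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports only the two ports in the sample that still negotiate trunking or advertise over CDP; the hardened access port and the routed port produce no findings.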

