[c-nsp] VTP war stories (was Re: EoMPLS or VPLS loop prevention/storm control)

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Thu Feb 10 04:23:08 EST 2011


hi,

i don't think these scare stories are useful... yes, VTP can be dangerous - but so can
MST, MPLS, accessing routers remotely and running commands, new person in job, PVST,
spanning tree itself, OVT, etc etc. all can break the network if not configured
or prepared for.

i know of many sites that have thousands of switches in campus environments that 
have been happily using VTP (v1, v2 and now v3) - perhaps the first thing to do is
ensure that a 'naked' switch is never anywhere near the production network - ensure
that it has been pre-configured with the basic settings before it's deployed - that
way, all the basic AAA etc is already there and the switch will be policy ready.
also, use a different class of devices as your VTP servers....and keep backups (eg RANCID)
and documentation of your VLANs.

there. said. now i expect to get burnt by my own kit!  ;-)

alan

