Advice regarding Cisco/Juniper/HP

George Bonser gbonser at seven.com
Wed Jun 30 11:11:28 CDT 2010


> -----Original Message-----
> From: sthaug
> Sent: Wednesday, June 30, 2010 12:35 AM
> Cc: nanog at nanog.org
> Subject: Re: Advice regarding Cisco/Juniper/HP
> 
> The Cisco default of allowing all VLANs on a trunk is dangerous in a
> service provider environment (not to mention VTP, DTP and other
> evils).
> 

I agree. In a perfect world, the default should be to not allow any
vlans on a trunk unless explicitly configured.

I think Cisco defaults are set so that someone not all that familiar
with network gear can plug in a new switch, it will negotiate a trunk,
and all vlans will be available on it without a lot of configuration.
So like a lot of things, a piece of gear in the hands of someone who
doesn't know exactly what they are doing can be dangerous.

G
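
An added example, not part of the original message: a small audit that reads IOS-style interface stanzas and reports ports that can trunk while still carrying all VLANs or negotiating via DTP. The sample config and the function name `audit_trunks` are constructed for illustration, and a port with no `switchport mode` line is assumed to be in a dynamic (negotiating) default mode, which varies by platform.

```python
import re

# Constructed sample config (not from the original post).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description uplink, explicit VLAN list, DTP off
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
interface GigabitEthernet0/2
 description trunk left at defaults
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport mode dynamic desirable
!
interface GigabitEthernet0/4
 switchport mode access
 switchport access vlan 30
!
"""

def audit_trunks(config):
    """Return {interface: [findings]} for ports that can trunk on defaults."""
    findings = {}
    # An interface stanza is the header plus the indented lines that follow it.
    for name, body in re.findall(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        lines = [l.strip() for l in body.splitlines()]
        if "no switchport" in lines:
            continue  # routed port, not a trunk candidate
        # Assumption: no explicit mode means a dynamic default (platform dependent).
        mode = next((l.split("switchport mode ", 1)[1] for l in lines
                     if l.startswith("switchport mode ")), "dynamic (default)")
        if mode == "access":
            continue  # statically an access port
        allowed = [l.split("allowed vlan ", 1)[1] for l in lines
                   if l.startswith("switchport trunk allowed vlan ")]
        issues = []
        # No allowed-list, or an explicit "all", means every VLAN is carried.
        if not allowed or allowed[0] == "all":
            issues.append("all VLANs allowed on trunk")
        # DTP stays active unless nonegotiate is configured.
        if "switchport nonegotiate" not in lines:
            issues.append("DTP negotiation enabled")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit_trunks(SAMPLE_CONFIG).items():
        print(port, "->", "; ".join(issues))
```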




