Advice regarding Cisco/Juniper/HP

George Bonser gbonser at
Wed Jun 30 16:11:28 UTC 2010

> -----Original Message-----
> From: sthaug
> Sent: Wednesday, June 30, 2010 12:35 AM
> Cc: nanog at
> Subject: Re: Advice regarding Cisco/Juniper/HP
> The Cisco default of allowing all VLANs on a trunk is dangerous in a
> service provider environment (not to mention VTP, DTP and other

I agree. In a perfect world, the default should be to not allow any
vlans on a trunk unless explicitly configured.

I think Cisco defaults are set so that someone not all that familiar
with network gear can plug in a new switch, it will negotiate a trunk,
and all vlans will be available on it without a lot of configuration.
So like a lot of things, a piece of gear in the hands of someone who
doesn't know exactly what they are doing can be dangerous.


More information about the NANOG mailing list