RE: Question about 802.1q trunking - turned into "about vtp

From: Gustavo Novais (gustavo.novais@novabase.pt)
Date: Fri May 25 2007 - 21:53:39 ART

• Next message: Laurean Stefenel: "RE: IPv6 Routing protocols authentication"
• Previous message: Victor Cappuccio: "RE: minimal ospf database in area 0."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Brian,

In fact, I think that vtp pass still may be the best approach in this
case, since the guy who owns the network just is not that much about
maintaining its network. That would avoid (if careful, sometimes people
just forget erasing vlan.dat or changing vtp domain names) the issue of
plugging "unclean" switches on the LAN. (why the hell didn't I think of
it earlier?)

What has been the groups experience regarding server/client and
transparent modes?

Cisco "kind of" advises transparent over server/client
(http://www.cisco.com/en/US/products/hw/switches/ps700/products_white_pa
per09186a00801b49a4.shtml#cg1c ), but my experience is that vtp
server/client with or without pass is just practical, although may be
risky (already suffered from it), if you don't have control about what's
going on on your network.
Vtp transparent can give you a lot of work to manage and keep track of
vlans, but is more secure.

One could argue that for initial deployment you'd use server/client (or
all server), and then convert to transparent.

Any experiences/thoughts?

Gustavo Novais

-----Original Message-----
From: Brian Dennis [mailto:bdennis@internetworkexpert.com]
Sent: sexta-feira, 25 de Maio de 2007 23:23
To: Gustavo Novais; Ryan Morris; Cisco certification
Subject: Re: Question about 802.1q trunking - Do not have any switch
near to test...

Have you considered using a VTP password or disabling trunking/dtp on
ports
that aren't connected other switches?

-- 
Brian Dennis, CCIE4 #2210 (R&S/ISP-Dial/Security/SP)
bdennis@internetworkexpert.com
 
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)
On 5/25/07 2:57 PM, "Gustavo Novais" <gustavo.novais@novabase.pt> wrote:
> Although some of the allowed vlans may still not be present on the
vlan
> DB.
> 
> Does anybody know if there are alternatives to VTP client/server mode
> approach in progress, besides GVRP, that don't suffer from the
"oooops,
> I think I plugged the lab switch on the network..." syndrome?
> 
> Because VTP transparent can really be a burden...
> 
> 
> 
> Gustavo Novais

• Next message: Laurean Stefenel: "RE: IPv6 Routing protocols authentication"
• Previous message: Victor Cappuccio: "RE: minimal ospf database in area 0."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jun 01 2007 - 06:55:22 ART