[127471] in North American Network Operators' Group
RE: Advice regarding Cisco/Juniper/HP
daemon@ATHENA.MIT.EDU (George Bonser)
Wed Jun 30 12:12:24 2010
Date: Wed, 30 Jun 2010 09:11:28 -0700
In-Reply-To: <20100630.093442.74688872.sthaug@nethelp.no>
From: "George Bonser" <gbonser@seven.com>
To: <sthaug@nethelp.no>,
<karnaugh@karnaugh.za.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> -----Original Message-----
> From: sthaug
> Sent: Wednesday, June 30, 2010 12:35 AM
> Cc: nanog@nanog.org
> Subject: Re: Advice regarding Cisco/Juniper/HP
>
> The Cisco default of allowing all VLANs on a trunk is dangerous in a
> service provider environment (not to mention VTP, DTP and other
> evils).
>
I agree. In a perfect world, the default should be to not allow any
VLANs on a trunk unless explicitly configured.

I think Cisco defaults are set so that someone not all that familiar
with network gear can plug in a new switch, it will negotiate a trunk,
and all VLANs will be available on it without a lot of configuration.

So like a lot of things, a piece of gear in the hands of someone who
doesn't know exactly what they are doing can be dangerous.
G