"Hypothetically, if there is no L2 or L3 security in place, would it be as simple as creating a "sw acc vlan 230", and allowing 230 on the trunk port on my switch to start scoping about at the other end?"
Well, the L2 security in question is that on the other end of the trunk, it *should* be configured to only allow the VLANs that you're supposed to be sharing. If that is not configured, then yes, you could add access ports to the other VLANs, then add those VLANs to the trunk, and your access-port hosts would be on that VLAN. Since your intent is not to do that, you should configure your end of the trunk to only allow the VLANs that you intend to share with your layer-2 partner.

-Geoff

On Fri, Feb 20, 2009 at 9:28 PM, Steve Bertrand <st...@ibctech.ca> wrote:
> I have a shared L2 environment with a local company, in which we have
> numerous VLANs over fibre. I'm in the process of moving to transparent
> on all of my switches, and during the work, I'm checking things out.
>
> Doing a "sh vlan" produces output that includes VLANs that I shouldn't see:
>
> 230 xxxOFFICExxx active
> 240 xxxSECURITYxxx active
> 250 xxxDMZx active
>
> ...etc.
>
> The VLANs shown above belong to the network that I am connected to. They
> are completely outside of my security boundary.
>
> Hypothetically, if there is no L2 or L3 security in place, would it be
> as simple as creating a "sw acc vlan 230", and allowing 230 on the trunk
> port on my switch to start scoping about at the other end?
>
> Of course I am not going to do anything of the sort, hence why I am
> asking here. I'm sure I know the answer already, but if I don't get any
> feedback from the list, I'm going to lab it up internally and do some
> educational testing for my own knowledge.
>
> Steve
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
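Added example, not part of the original thread: a Python check that walks a Cisco IOS running-config and flags trunk ports that do not follow the advice in the reply above, meaning trunks with no `switchport trunk allowed vlan` list or with VLANs beyond the agreed set. The sample config, the interface names and the shared VLAN set (100, 110, 111) are constructed assumptions; only numeric lists and `add` continuation lines are handled.

```python
import re
# Constructed sample running-config; VLANs 100/110/111 stand in for the shared VLANs.
SAMPLE = """\
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk allowed vlan 100,110
 switchport trunk allowed vlan add 111
!
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk allowed vlan 100,230-231
"""
SHARED = {100, 110, 111}  # assumption: VLANs agreed with the layer-2 partner

def parse_vlan_list(text):
    """Expand an IOS VLAN list such as '100,230-231' into a set of ints."""
    spans = (p.partition("-") for p in text.split(","))
    return {v for lo, _, hi in spans for v in range(int(lo), int(hi or lo) + 1)}

def audit_trunks(config, shared):
    """Map each trunk interface carrying non-shared VLANs to a finding."""
    blocks, name = {}, None
    for line in config.splitlines():          # group sub-commands per interface
        m = re.match(r"interface (\S+)", line)
        if m:
            name = m.group(1)
            blocks[name] = []
        elif name and line.startswith(" "):
            blocks[name].append(line.strip())
        else:
            name = None                       # "!" or a global command ends the stanza
    findings = {}
    for name, body in blocks.items():
        if "switchport mode trunk" not in body:
            continue
        allowed = None                        # None = IOS default, all VLANs
        for cmd in body:
            m = re.match(r"switchport trunk allowed vlan (add )?([\d,-]+)$", cmd)
            if m:
                extra = parse_vlan_list(m.group(2))
                allowed = allowed | extra if m.group(1) and allowed else extra
        if allowed is None:
            findings[name] = "no allowed-VLAN list: every VLAN crosses this trunk"
        elif allowed - shared:
            findings[name] = "not shared: %s" % sorted(allowed - shared)
    return findings
```

Calling `audit_trunks(SAMPLE, SHARED)` reports the unrestricted trunk and the trunk that carries VLANs outside the shared set, and stays silent on the correctly pruned one.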