On 6/4/2010 4:17 AM, Jan Gregor wrote:
> 4., with badly configured vfi you will display your entire topology to
> customer (and customer topology to all your devices, see point 2)
>
> Maybe reasons why CDP is disabled on uni ports by default? :)
>

I think the idea was, much like Windows/Mac/etc. "plug-and-play" idiot devices, you can plug a new Cisco switch into an existing switch, and it automatically forms a trunk, joins the VTP domain, copies over the VLAN configuration, and allows all traffic on the trunk. In a closed shop this might be OK, but in the real world it is rarely the intended behavior. In the security world, it is unthinkable :-)

Jeff

_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
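
An added example, not part of the original thread: a small audit of IOS-style configuration text for the plug-and-play behaviours discussed above (trunk negotiation, VTP participation, CDP on edge ports). The sample configuration is constructed, and treating a port with no explicit `switchport mode` as dynamic is an assumption, since defaults vary by platform.

```python
import re

# Constructed sample of IOS-style configuration (not from the original thread).
SAMPLE_CONFIG = """\
vtp mode transparent
!
interface GigabitEthernet0/1
 switchport mode access
 switchport nonegotiate
 no cdp enable
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface GigabitEthernet0/3
 switchport mode trunk
 no cdp enable
!
"""

def audit(config):
    """Return {scope: [findings]} for ports that still negotiate or advertise."""
    findings = {}
    if not re.search(r"^vtp mode (transparent|off)\s*$", config, re.M):
        findings["global"] = ["VTP not set to transparent/off"]
    # Each stanza is an 'interface' header plus the indented lines under it.
    for m in re.finditer(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        name, body = m.group(1), m.group(2)
        lines = [l.strip() for l in body.splitlines()]
        issues = []
        mode = next((l.split()[2] for l in lines if l.startswith("switchport mode ")), None)
        # Assumption: no explicit mode means the platform default, a dynamic (DTP) mode.
        if mode in (None, "dynamic"):
            issues.append("DTP can negotiate a trunk")
        elif "switchport nonegotiate" not in lines:
            issues.append("missing 'switchport nonegotiate'")
        if "no cdp enable" not in lines:
            issues.append("CDP enabled")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit(SAMPLE_CONFIG).items():
        print(port, "->", "; ".join(issues))
```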