Hi, I don't think these scare stories are useful... Yes, VTP can be dangerous - but so can MST, MPLS, accessing routers remotely and running commands, a new person in the job, PVST, spanning tree itself, OVT, etc. etc. All can break the network if not configured or prepared for.
I know of many sites that have thousands of switches in campus environments that have been happily using VTP (v1, v2 and now v3) - perhaps the first thing to do is ensure that a 'naked' switch is never anywhere near the production network - ensure that it has been pre-configured with the basic settings before it's deployed - that way, all the basic AAA etc. is already there and the switch will be policy ready. Also, use a different class of devices as your VTP servers... and keep backups (e.g. RANCID) and documentation of your VLANs.

There. Said. Now I expect to get burnt by my own kit! ;-)

alan