Port security is used so that someone can't plug a new device into your
network and mess with your VLAN info.  That's the purest form of security.
A VTP domain password will also prevent an unauthorized switch from learning
VTP information; however, if someone manages to crack the password, your
information isn't safe.

Remember that VTP advertisements are multicast - so unless a password has
been specified for the VTP domain, any device (PC or otherwise) in
promiscuous mode will be able to access VTP information.

By default, most (if not all) Cisco devices have VTP server mode set as the
default.  By connecting any new switch to the network, the switch will
automatically learn VTP information advertised in VTP messages and
self-configure.  The behaviour you experienced is expected and by design.


  -- Leigh Anne

PS.  Think about how RIP would operate if an unauthorized router running RIP
were to be connected to your network.  All sorts of funky routes could be
injected unless a password protecting updates were specified.


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Phil Wallisch
Sent: Thursday, December 12, 2002 7:20 AM
To: [EMAIL PROTECTED]
Subject: 2924 adopting VTP info [7:59074]


Has anyone seen the following situation?  I have a stable network at a
facility that's been running for some time.  It has a VTP version 1
domain with no password.  I add a 2924M-XL with a valid IP address to the
network and then all of a sudden it has become a part of the VTP
domain.  I did not go into the VLAN database and configure the VTP domain
name or enter the database at all actually.  The way I understand VTP is
that the reason you have a VTP domain name is so someone can't plug a new
device into your network and mess with your VLAN info.

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59124&t=59074
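
The reply's point that VTP advertisements are multicast and readable by any listening device can also be used for monitoring. The following is an added example, not part of the original thread: it parses a VTP version 1/2 summary advertisement from a raw untagged 802.3 frame and compares it with the values the network owner expects. The function names are hypothetical, and the domain name, addresses and sample frame are constructed.

```python
import ipaddress
import struct

VTP_MCAST = bytes.fromhex("01000ccccccc")      # VTP destination MAC
SNAP_VTP = bytes.fromhex("aaaa0300000c2003")   # LLC/SNAP, Cisco OUI, VTP type

def parse_vtp_summary(frame):
    """Return the fields of an untagged VTP summary advertisement, else None."""
    if len(frame) < 94 or frame[:6] != VTP_MCAST or frame[14:22] != SNAP_VTP:
        return None
    p = frame[22:]
    if p[1] != 0x01 or p[3] > 32:              # code 1 = summary advertisement
        return None
    revision, updater = struct.unpack("!I4s", p[36:44])
    return {
        "src_mac": frame[6:12].hex(":"),
        "version": p[0],
        "domain": p[4:4 + p[3]].decode("ascii", "replace"),
        "revision": revision,
        "updater": str(ipaddress.IPv4Address(updater)),
        "timestamp": p[44:56].decode("ascii", "replace"),
    }

def check(adv, domain, known_updaters, last_revision):
    """Compare one advertisement with what the network owner expects."""
    alerts = []
    if adv["domain"] != domain:
        alerts.append("unexpected domain %r" % adv["domain"])
    if adv["updater"] not in known_updaters:
        alerts.append("unknown updater %s" % adv["updater"])
    if adv["revision"] != last_revision:
        alerts.append("revision %d -> %d" % (last_revision, adv["revision"]))
    return alerts

def build_sample(domain, revision, updater):
    """Constructed test frame; the MD5 digest field is left as zeros."""
    body = struct.pack("!BBBB32sI4s12s16s", 1, 1, 0, len(domain),
                       domain.encode(), revision,
                       ipaddress.IPv4Address(updater).packed,
                       b"021212072000", bytes(16))
    header = VTP_MCAST + bytes.fromhex("00005e005301") + struct.pack("!H", 8 + len(body))
    return header + SNAP_VTP + body

if __name__ == "__main__":
    seen = parse_vtp_summary(build_sample("FACILITY", 42, "192.0.2.99"))
    print(seen)
    print(check(seen, "FACILITY", {"192.0.2.10"}, 7))
```

A revision alert also fires for legitimate VLAN changes, so it is most useful when read together with the updater address.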