Larry Letterman wrote:
>
> disable STP on the port...
>
> --
>
> Larry Letterman
> Network Engineer
> Cisco Systems
>

Thanks Larry. I've never claimed to be a security expert. I generally get the network going and let the local policy folk implement what they see fit. I guess turning off STP is a start, but I thought that I once ran across a simple command that made an access port truly an access port.

As part of a turnover process, a security audit was conducted on a network we've recently built. One of the red flags thrown at us was that STP, HSRP, and VTP information could be passively collected. All true. So are L2 ACLs the only answer? I thought Cisco addressed this in some way, but again, I sometimes remember things that never happened.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61799&t=61796

