Larry Letterman wrote:
>
> disable STP on the port...
>
> --
>
> Larry Letterman
> Network Engineer
> Cisco Systems
>

Thanks Larry. I've never claimed to be a security expert. I generally get the network going and let the local policy folk implement what they see fit. I guess turning off STP is a start, but I thought that I once ran across a simple command that made an access port truly an access port.

As part of a turnover process, a security audit was conducted on a network we’ve recently built. One of the red flags thrown at us was that STP, HSRP, and VTP information could be passively collected. All true. So are L2 ACLs the only answer? I thought Cisco addressed this in some way, but again, I sometimes remember things that never happened.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61799&t=61796