Posts Tagged ‘VTP’

Why do VTP in the data center? I have absolutely no explanation for this; it is generally just a bad idea to use VTP to begin with. Perhaps “easy” is one argument, but look at the problems you face with it:

  • A rogue switch with a higher revision can screw the network
  • On some IOS versions, if not all, the VLAN configuration doesn’t reside in the startup-config
  • A rogue switch can be used to gather VLAN information on the network, helping form an inside attack

In a data center you expect a highly available, reliable, and secure computing environment; this is something VTP simply doesn’t offer. Look at the Nexus lineup: VTP is a feature which is disabled by default! What a great concept, finally! I’ll go ahead and just say it: if you’re using VTP in the data center, you’re just being lazy.


In a VTP environment I would recommend using passwords in your domains to prevent malicious users from screwing with your VTP domain. Just remember, if they have the domain name and a higher revision number, you can kiss your setup goodbye! Make sure the passwords are set on each switch and good luck.
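
One way to check a fleet against the points above, as an added example that is not part of the original post: a small audit that reads captured `show vtp status` and `show vtp password` output per switch and flags switches that take part in VTP, have no password, or lag the domain's revision. The hostnames, domain name and capture text are constructed and trimmed to the fields the script reads.

```python
import re
from collections import defaultdict

# Constructed captures: "show vtp status" + "show vtp password" per switch,
# trimmed to the fields the audit reads. Hostnames and values are made up.
CAPTURES = {
    "dc-sw1": "VTP Domain Name : DC1\nVTP Operating Mode : Server\n"
              "Configuration Revision : 42\nThe VTP password is not configured.\n",
    "dc-sw2": "VTP Domain Name : DC1\nVTP Operating Mode : Client\n"
              "Configuration Revision : 40\nVTP Password: example-only\n",
    "dc-sw3": "VTP Domain Name : DC1\nVTP Operating Mode : Transparent\n"
              "Configuration Revision : 0\nThe VTP password is not configured.\n",
}

def field(text, name):
    """Return the value of a 'Name : value' line, or None if absent."""
    m = re.search(rf"^{re.escape(name)}[ \t]*:[ \t]*(.*)$", text, re.MULTILINE)
    return m.group(1).strip() if m else None

def audit(captures):
    """Map hostname -> list of findings for switches that take part in VTP."""
    findings = defaultdict(list)
    revisions = defaultdict(dict)  # domain -> {host: revision}
    for host, text in captures.items():
        mode = (field(text, "VTP Operating Mode") or "unknown").lower()
        if mode not in ("server", "client"):
            continue  # transparent/off switches do not apply received VLAN databases
        findings[host].append(f"VTP active ({mode})")
        if not field(text, "VTP Password"):
            findings[host].append("no VTP password")
        domain = field(text, "VTP Domain Name") or ""
        revisions[domain][host] = int(field(text, "Configuration Revision") or 0)
    # Servers and clients in one domain should converge on one revision;
    # a spread means some switch is not accepting the current database.
    for domain, revs in revisions.items():
        top = max(revs.values())
        for host, rev in revs.items():
            if rev < top:
                findings[host].append(f"revision {rev} behind domain {domain!r} ({top})")
    return dict(findings)

if __name__ == "__main__":
    for host, items in audit(CAPTURES).items():
        print(host, "->", "; ".join(items))
```
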


Core vs. Edge Routing Topology

There isn’t a lot of talk about this; however, there is a lot of training material that references this debate and makes recommendations for edge-based routing. For those not familiar with the topic, I am talking about “Campus LANs” and not ISP networks, where you essentially have to push routing to the edge for some customers. In my article I am talking about Core vs. Edge in terms of where we perform all of our routing in a “Campus LAN”.