Posts Tagged ‘VTP’
Why do VTP in the data center? I have absolutely no explanation for this; it is generally just a bad idea to use VTP to begin with. Perhaps “easy” is one argument, but look at the problems you face with it:
- A rogue switch with a higher configuration revision can wipe out the VLAN configuration across the whole domain
- On some IOS versions, if not all, the VLAN configuration doesn’t reside in the startup-config
- A rogue switch can be used to gather VLAN information on the network, helping to stage an inside attack
In a data center you expect a highly available, reliable, and secure computing environment; this is something VTP simply doesn’t offer for a data center network. Look at the Nexus lineup: VTP is a feature that is disabled by default! What a great concept, finally! I’ll go ahead and just say it: if you’re using VTP in the data center, you’re just being lazy.
In a VTP environment I would recommend setting a password on your domain to prevent malicious users from screwing with your VTP domain. Just remember: if they have the domain name and a higher revision number, you can kiss your setup goodbye! Make sure the password is set on every switch, and good luck.
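As an added example (not from the post), the check below turns the three points above into something you can run against captured `show vtp status` output: it flags switches participating in VTP without a domain password, switches with an empty domain name, the fact that the VLAN database is held in flash:vlan.dat rather than startup-config, and a configuration revision higher than the rest of the fleet. The sample output is constructed to follow the classic IOS `show vtp status` layout; whether a password is configured is passed in separately, since that command does not print it (assumption: you read it from `show vtp password`).

```python
"""Flag risky VTP settings from 'show vtp status' output (added example, not the post's code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample, modelled on the classic IOS 'show vtp status' layout.
SAMPLE_STATUS = """\
VTP Version                     : 2
Configuration Revision          : 17
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Server
VTP Domain Name                 : DC1
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x08
Configuration last modified by 10.0.0.2 at 3-1-93 00:01:02
"""

# Matches the "key : value" lines; the non-greedy key stops at the first colon.
KV_RE = re.compile(r"^(?P<key>[^:]+?)\s*:\s*(?P<val>.*)$")


@dataclass
class VtpStatus:
    mode: str       # "server", "client", "transparent" or "off"
    domain: str     # empty string when no domain name is set
    revision: int   # configuration revision advertised by this switch


def parse_vtp_status(text: str) -> VtpStatus:
    """Pull operating mode, domain name and revision out of 'show vtp status' text."""
    fields = {}
    for line in text.splitlines():
        m = KV_RE.match(line.strip())
        if m:
            fields[m.group("key").strip()] = m.group("val").strip()
    return VtpStatus(
        mode=fields.get("VTP Operating Mode", "").lower(),
        domain=fields.get("VTP Domain Name", ""),
        revision=int(fields.get("Configuration Revision", "0") or 0),
    )


def assess(status: VtpStatus, password_set: bool,
           fleet_revision: Optional[int] = None) -> List[Tuple[str, str]]:
    """Return (code, message) findings; each code maps to one of the post's concerns."""
    findings = []
    participating = status.mode in ("server", "client")
    if participating:
        if not password_set:
            findings.append(("NO_PASSWORD",
                             "VTP enabled without a domain password: any switch with the domain "
                             "name and a higher revision can replace the VLAN database"))
        if not status.domain:
            findings.append(("NULL_DOMAIN",
                             "no VTP domain name set: the switch adopts the first domain it hears"))
        findings.append(("VLAN_DAT",
                         "VLAN database is kept in flash:vlan.dat, not startup-config; "
                         "back it up separately or move to transparent mode / VTP off"))
    if fleet_revision is not None and status.revision > fleet_revision:
        findings.append(("HIGH_REVISION",
                         f"revision {status.revision} exceeds the fleet's {fleet_revision}: "
                         "attaching this switch would overwrite every other member's VLANs"))
    return findings


if __name__ == "__main__":
    status = parse_vtp_status(SAMPLE_STATUS)
    for code, msg in assess(status, password_set=False, fleet_revision=12):
        print(f"[{code}] {msg}")
```

Run it over the output of every switch you manage (with the highest revision you expect as `fleet_revision`) before patching a new switch into a VTP domain; a switch in transparent mode or with VTP off yields no findings, which is the state the post argues for in the data center.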
Core vs. Edge Routing Topology
There isn’t a lot of talk about this; however, there is a lot of training material that references this debate and makes recommendations for edge-based routing. For those not familiar with the topic, I am talking about “Campus LANs” and not ISP networks, where you essentially have to push routing to the edge for some customers. In this article I am talking about Core vs. Edge in terms of where we perform all of our routing in a “Campus LAN”.