30 Jun 2010, 12:11 p.m.
-----Original Message-----
From: sthaug
Sent: Wednesday, June 30, 2010 12:35 AM
Cc: nanog@nanog.org
Subject: Re: Advice regarding Cisco/Juniper/HP

The Cisco default of allowing all VLANs on a trunk is dangerous in a service provider environment (not to mention VTP, DTP and other evils).

I agree. In a perfect world, the default should be to not allow any VLANs on a trunk unless explicitly configured. I think Cisco defaults are set so that someone not all that familiar with network gear can plug in a new switch, it will negotiate a trunk, and all VLANs will be available on it without a lot of configuration. So like a lot of things, a piece of gear in the hands of someone who doesn't know exactly what they are doing can be dangerous.

G
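
An added example, not part of the original thread: a small audit that reads an IOS-style running-config and flags switchports that rely on the defaults discussed above (no explicit allowed-VLAN list, DTP left enabled). The sample config and the function name `audit_trunks` are constructed for illustration; ports with no `switchport mode` line are not evaluated, since their default mode varies by platform.

```python
import re

# Constructed sample running-config fragment (not from the original thread).
# Gi0/1: explicit trunk, nothing else. Gi0/2: pruned trunk with DTP disabled.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk allowed vlan 110,120
 switchport nonegotiate
!
interface GigabitEthernet0/3
 switchport mode dynamic desirable
!
interface GigabitEthernet0/4
 switchport mode access
 switchport access vlan 110
!
"""

def audit_trunks(config):
    """Return {interface: [findings]} for ports that can trunk with risky settings."""
    findings = {}
    # Split into per-interface stanzas; each starts with "interface <name>" at column 0.
    for stanza in re.split(r"(?m)^(?=interface )", config):
        lines = [l.strip() for l in stanza.splitlines()]
        if not lines or not lines[0].startswith("interface "):
            continue
        name = lines[0].split(None, 1)[1]
        body = lines[1:]
        mode = next((l.split("switchport mode ", 1)[1] for l in body
                     if l.startswith("switchport mode ")), None)
        if mode is None or mode == "access":
            continue  # access ports and ports with no explicit mode are out of scope
        issues = []
        if mode.startswith("dynamic"):
            issues.append("DTP negotiation enabled (mode %s)" % mode)
        elif "switchport nonegotiate" not in body:
            issues.append("trunk still sends DTP (no 'switchport nonegotiate')")
        if not any(l.startswith("switchport trunk allowed vlan ") for l in body):
            issues.append("no 'switchport trunk allowed vlan' list: all VLANs allowed")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit_trunks(SAMPLE_CONFIG).items():
        print(port, "->", "; ".join(issues))
```
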