Firewall Wizards
mailing list archives
RE: VLAN Security
From: "DCSIM Subscriptions (IA)" <DCSIMSUBS () ia ngb army mil>
Date: Tue, 15 Jun 2004 13:31:54 -0500
Carson -
Correct.
I believe this capability was added somewhere around 12.1(14).
I just checked a "show spanning-tree" on an edge C3550 that does not have
VLAN 1 on any ports, and did not see an instance of VLAN 1 running.
Anyway, the VLAN 1 concern is one of stability. We don't care so much about
it running within each switch. But when it is propagated out as part of a
topology it becomes a weakness.
- Lee
-----Original Message-----
From: Carson Gaspar [mailto:carson () taltos org]
Sent: Saturday, June 12, 2004 12:04
To: firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] VLAN Security
--On Thursday, June 10, 2004 7:41 PM +0300 John Kougoulos <koug () intranet gr>
wrote:
* Never deliver VLAN 1 downstream (switchport trunk allowed vlan remove 1)
Is this possible? As far as I know you can not remove vlan 1 from a
trunk at least on a cisco switch. Even if it doesn't appear on the
allowed vlans, if you put a sniffer you will see traffic from vlan 1
and on show spanning-tree you will see it running an STP instance for vlan 1.
I believe this was fixed in recent versions of the switch software (as we
just disabled VLAN1 after waiting for an OS upgrade), but I'm not a Cisco
switch jockey...
--
Carson
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
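The two checks discussed in this thread, Lee's "show spanning-tree" inspection for a VLAN 1 instance and John's "switchport trunk allowed vlan remove 1" on trunks, can be audited offline from saved CLI output. What follows is an added example, not code from the thread or from Cisco; the "show spanning-tree" and running-config text below is constructed sample output in IOS format, the parser handles only the allowed-vlan forms list, add, remove, all and none, and a trunk with no allowed-vlan statement is assumed to carry the IOS default of all VLANs 1-4094. Whether a given IOS release still runs a VLAN 1 STP instance after the VLAN is removed from every trunk (the 12.1(14) point above) is exactly what the first check is meant to reveal.

```python
"""Audit saved Cisco IOS output for VLAN 1 exposure (added example).

Checks two things the thread discusses:
  1. whether 'show spanning-tree' still lists an STP instance for VLAN 1
  2. which trunk ports still carry VLAN 1 according to the running-config
"""
import re

# Constructed, abbreviated 'show spanning-tree' output; not a real capture.
STP_OUTPUT = """\
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0000.0c00.0001
  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    32778
             Address     0000.0c00.0001
  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
"""

# Constructed running-config fragment: three trunks, one access port.
RUNNING_CONFIG = """\
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-20
 switchport trunk allowed vlan remove 1
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/4
 switchport access vlan 10
 switchport mode access
!
"""

ALL_VLANS = frozenset(range(1, 4095))          # IOS default trunk allowed list
_VLAN_HEADER = re.compile(r"^VLAN(\d{4})\s*$", re.MULTILINE)
_ALLOWED_PREFIX = "switchport trunk allowed vlan "


def stp_vlan_instances(show_stp: str) -> set[int]:
    """VLAN IDs for which the switch reports a per-VLAN STP instance."""
    return {int(m.group(1)) for m in _VLAN_HEADER.finditer(show_stp)}


def parse_vlan_list(spec: str) -> set[int]:
    """Expand an IOS VLAN list such as '1-20,30' into a set of ints."""
    vlans: set[int] = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            vlans.update(range(lo, hi + 1))
        elif part:
            vlans.add(int(part))
    return vlans


def trunk_allowed_vlans(config: str) -> dict[str, set[int]]:
    """Map each 'switchport mode trunk' interface to the VLANs it will carry."""
    trunks: dict[str, set[int]] = {}
    for block in re.split(r"^(?=interface )", config, flags=re.MULTILINE):
        lines = block.splitlines()
        if not lines or not lines[0].startswith("interface "):
            continue
        name = lines[0].split(None, 1)[1]
        allowed = set(ALL_VLANS)   # assumption: no statement means all VLANs
        is_trunk = False
        for raw in lines[1:]:
            line = raw.strip()
            if line == "switchport mode trunk":
                is_trunk = True
            elif line.startswith(_ALLOWED_PREFIX):
                spec = line[len(_ALLOWED_PREFIX):]
                if spec.startswith("add "):
                    allowed |= parse_vlan_list(spec[4:])
                elif spec.startswith("remove "):
                    allowed -= parse_vlan_list(spec[7:])
                elif spec == "all":
                    allowed = set(ALL_VLANS)
                elif spec == "none":
                    allowed = set()
                else:
                    allowed = parse_vlan_list(spec)
        if is_trunk:
            trunks[name] = allowed
    return trunks


def audit_vlan1(show_stp: str, config: str) -> dict:
    """Report where VLAN 1 is still live: as an STP instance, and on which trunks."""
    carrying = sorted(n for n, v in trunk_allowed_vlans(config).items() if 1 in v)
    return {
        "stp_instance_for_vlan1": 1 in stp_vlan_instances(show_stp),
        "trunks_carrying_vlan1": carrying,
    }


if __name__ == "__main__":
    print(audit_vlan1(STP_OUTPUT, RUNNING_CONFIG))
```

On the constructed samples the audit flags both problems at once: the switch still runs a VLAN0001 STP instance, and GigabitEthernet0/3 (a trunk with no allowed-vlan statement) still carries VLAN 1, while GigabitEthernet0/2 is clean because its "remove 1" takes VLAN 1 back out of the 1-20 range. Feeding real "show spanning-tree" and "show running-config" captures from each edge switch into these functions gives the same yes/no answer Lee obtained by eye.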