VTP over encrypted links

Unanswered Question


I have the unenviable scenario of being forced to use encryption on the links between switches. They will be point-to-point gigabit links via SFP/GBIC adapters. (I know encryption shouldn't be necessary on a point-to-point topology, but it's been decided from so high it needs oxygen, and is totally unarguable).

They are going to be 3750s, so as a last resort, I'll have to muck about with subnets on a per-switch basis, and configuring DHCP helper to match. However, I'd rather keep it as vanilla a switch fabric as possible so site engineers can do a more rapid swap-out if required.

What I'd like to do is configure encryption between the switches while using either dot1q or ISL to carry VTP.

Has anyone ever done this? Is there a native layer-2 encryption process I can use?

All tips most welcome, and thanks in advance.


Many people have proposed I use MD5 encryption via EIGRP - whilst this would solve the Gigabit encryption issue, it wouldn't immediately solve the VTP transport issue as it would be a L3 solution.

Does anyone know if, for instance, I configured a 10-net to create the L3 links for the above, I could do any form of tunneling to preserve the L2 traffic?
