Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Current Bug in VTP?

Hi,

in my opinion it is only possible to send crafted VTP packets over the default VLAN and over trunk ports, correctly? So, clients connected to normal VLAN access ports don't have a chance to attack my VTP domain?

Any experts?

Thanks,

MB

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: Current Bug in VTP?

Mase,

VTP messages are relayed over trunk ports only using reserved multicast address 0100.0CCC.CCCC. So an attack from a host is highly unlikely, but I would not rule it out.

To protect your switched network, you can either protect VTP with authentication or disable VTP by using transparent mode.

HTH

--Leon

* Please rate ALL posts.

1 REPLY
Silver

Re: Current Bug in VTP?

Mase,

VTP messages are relayed over trunk ports only using reserved multicast address 0100.0CCC.CCCC. So an attack from a host is highly unlikely, but I would not rule it out.

To protect your switched network, you can either protect VTP with authentication or disable VTP by using transparent mode.

HTH

--Leon

* Please rate ALL posts.

85
Views
0
Helpful
1
Replies