Re: How to Block STP, VTP, etc. on Access Ports? [7:61796] posted 01/24/2003

Larry Letterman wrote:
> disable STP on the port...
> --
> Larry Letterman
> Network Engineer
> Cisco Systems
Thanks Larry.  I've never claimed to be a security expert.  I generally get
the network going and let the local policy folk implement what they see
fit.  I guess turning off STP is a start, but I thought that I once ran
across a simple command that made an access port truly an access port.  As
part of a turnover process, a security audit was conducted on a network
we've recently built.  One of the red flags thrown at us was that STP, HSRP,
and VTP information could be passively collected.  All true.  So are L2 ACLs
the only answer?  I thought Cisco addressed this in some way, but again, I
sometimes remember things that never happened.
