Posted by: Raj Perumal
Cisco, switches, Vlan Trunking Protocol, VTP
Hi folks! Welcome to the wonderful world of networking! You buy that fancy, brand-new Cisco switch and think to yourself, “I have this cool feature called VTP (VLAN Trunking Protocol), and I want to use it to automatically deploy VLANs across all of my switches! This will save me tons of configuration time!” Well, should you really do this? Here are my thoughts on the matter.
There seem to be two schools of thought on this. On one side, VTP is a great protocol for quickly configuring switches; it takes the monotony out of configuring switches with tons of VLANs. On the other side, VTP is easily taken advantage of. If your network is not properly secured, an attacker could easily use VTP to compromise your network!
So this is what I would recommend: don’t use it unless you absolutely have to. If you do end up using it, remember to lock down your switch using best practices. Turn off all unnecessary trunk ports, and enable port security where possible. Also, even if you use a password with VTP, it has been proven that there are methods to retrieve this password.
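One way to check a saved switch configuration against the recommendations above, as an added example that is not part of the original post. The sample running-config is constructed, `audit` and `approved_trunks` are hypothetical names, and the script assumes that a port without an explicit `switchport mode access` line can negotiate a trunk and that only a `vtp mode transparent` or `vtp mode off` line rules out VTP participation (defaults vary by platform).

```python
import re

# Constructed sample running-config for illustration (not from a real switch).
SAMPLE_CONFIG = """\
vtp mode transparent
!
interface GigabitEthernet0/1
 description uplink
 switchport mode trunk
!
interface GigabitEthernet0/2
 description user port left at defaults
!
interface GigabitEthernet0/3
 switchport mode access
 switchport port-security
!
interface GigabitEthernet0/4
 switchport mode trunk
!
interface GigabitEthernet0/5
 switchport mode access
!
interface GigabitEthernet0/6
 shutdown
"""

def audit(config, approved_trunks=()):
    """Return (scope, finding) tuples for the hardening points in the post."""
    findings = []
    # Assumption: a config with neither line may still take part in VTP.
    if not re.search(r"^vtp mode (transparent|off)\s*$", config, re.M):
        findings.append(("global", "VTP is not transparent/off"))
    # Each stanza is an 'interface' line followed by its indented lines.
    stanzas = re.findall(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M)
    for name, body in stanzas:
        lines = [line.strip() for line in body.splitlines()]
        if "Ethernet" not in name or "shutdown" in lines:
            continue  # skip non-physical and administratively down ports
        if "switchport mode trunk" in lines:
            if name not in approved_trunks:
                findings.append((name, "trunk not on the approved list"))
        elif "switchport mode access" not in lines:
            # Assumption: without this line the port can negotiate a trunk.
            findings.append((name, "not forced to access mode"))
        elif "switchport port-security" not in lines:
            findings.append((name, "access port without port security"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG, {"GigabitEthernet0/1"}):
        print(f"{scope}: {finding}")
```

Pass the set of uplinks that are meant to trunk as `approved_trunks`; every other port that is up should come back with no finding before VTP is left enabled on the switch.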