@5:52 in the VLAN summary, why is int g0/1 not showing in VLAN 40?
cuz it's a trunk interface, not attached to a singular VLAN
Ok, good, but what if you want to use VTP? I'm assuming you would still assign ports to the blackhole VLAN and issue the shut command? Or would you do all of that, but require MAC authorisation or something like Network Access Control?
I would still use the blackhole VLAN and shutdown command. MAC authorization can be helpful but by itself it is not enough.
@ddaltonyvcc thank you.
would've liked to have seen allowed vlans on the trunk link
You can definitely do that. One challenge is that people sometimes forget to update the trunk line if they add additional VLANs. They then wonder why their new VLAN isn't working. If you can remember to update the VLANs allowed on specific trunks, that can be a security feature.
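An added example, not part of the video or of any comment above: a small audit for the failure mode described in the last reply, where a new VLAN is created but never added to a trunk's allowed list. The config text, interface names and the choice of VLAN 999 as the blackhole VLAN are constructed assumptions.

```python
import re

# Constructed IOS-style config for illustration; VLAN 999 is an assumed blackhole VLAN.
SAMPLE_CONFIG = """\
vlan 10
vlan 20
vlan 40
vlan 999
 name BLACKHOLE
!
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport access vlan 999
 shutdown
"""

def expand(spec):
    """Expand a VLAN list such as '10,20-22' into {10, 20, 21, 22}."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit_trunks(config, local_only=frozenset({999})):
    """For each trunk, list defined VLANs it does not carry, or 'unrestricted'
    when no allowed list is set. Handles numeric lists and 'add' lines only;
    local_only holds VLANs (the blackhole VLAN) that should never be trunked."""
    defined = {int(v) for v in re.findall(r"^vlan (\d+)\s*$", config, re.M)}
    findings = {}
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        if not block.startswith("interface ") or "switchport mode trunk" not in block:
            continue
        name = block.split()[1]
        specs = re.findall(r"switchport trunk allowed vlan (?:add )?([\d,\-]+)", block)
        if not specs:
            findings[name] = "unrestricted"
        else:
            allowed = set().union(*(expand(s) for s in specs))
            findings[name] = sorted(defined - allowed - local_only)
    return findings

if __name__ == "__main__":
    for port, result in audit_trunks(SAMPLE_CONFIG).items():
        print(port, result)
```

On the sample, GigabitEthernet0/1 is flagged for VLAN 40 (defined but not allowed on the trunk) and GigabitEthernet0/2 is flagged as carrying every VLAN because it has no allowed list.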