Gvrp and network security – Allied Telesis AT-S63 User Manual

Page 273


AT-S63 Management Software Features Guide

Section VI: Virtual LANs


GVRP and Network Security

GVRP should be used with caution because it can expose your network to
unauthorized access. A network intruder can gain access to restricted parts
of the network by connecting to a switch port running GVRP and transmitting
a bogus GVRP PDU containing VIDs of restricted VLANs. GVRP would
make the switch port a member of the VLANs and that could give the
intruder access to restricted areas of your network.

To protect against this type of network intrusion, consider the following:

• Activating GVRP only on those switch ports that are connected to
  other devices that support GVRP. Do not activate GVRP on ports that
  are connected to GVRP-inactive devices.

• Converting all dynamic GVRP VLANs and dynamic GVRP ports to
  static assignments, and then turning off GVRP on all switches. This
  preserves the new VLAN assignments while protecting against
  network intrusion.
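
To check for the kind of registration described above, GVRP frames captured from a mirror port can be parsed and compared with a list of ports that have GVRP neighbors and a list of restricted VIDs. The Python sketch below is an added example, not part of the Allied Telesis manual or the AT-S63 software; the function names, port numbers, VIDs and the sample frame are constructed for illustration, and it assumes untagged 802.3/LLC frames in the standard GARP PDU layout.

```python
import struct

GVRP_DST = bytes.fromhex("0180c2000021")     # GVRP group MAC address (IEEE 802.1Q)
JOIN_EVENTS = {1: "JoinEmpty", 2: "JoinIn"}  # GARP events that register an attribute
VID_ATTR = 1                                 # GVRP attribute type: VLAN ID

def gvrp_joins(frame):
    """Return the VIDs a GVRP frame asks to join ([] if it is not a GVRP PDU)."""
    if len(frame) < 19 or frame[:6] != GVRP_DST:
        return []
    # Bytes 12-13: 802.3 length; 14-16: LLC 42-42-03; 17-18: GARP protocol ID 0x0001
    if frame[14:17] != b"\x42\x42\x03" or frame[17:19] != b"\x00\x01":
        return []
    vids, i = [], 19
    while i < len(frame) and frame[i] != 0:      # 0x00 = end mark after last message
        attr_type = frame[i]
        i += 1
        while i < len(frame) and frame[i] != 0:  # 0x00 = end of this attribute list
            length = frame[i]                    # covers length, event and value
            if length < 2 or i + length > len(frame):
                return vids                      # malformed attribute: stop parsing
            event, value = frame[i + 1], frame[i + 2:i + length]
            if attr_type == VID_ATTR and event in JOIN_EVENTS and len(value) == 2:
                vids.append(struct.unpack("!H", value)[0] & 0x0FFF)
            i += length
        i += 1                                   # skip the attribute-list end mark
    return vids

def audit(frame, port, gvrp_ports, restricted_vids):
    """Return alert strings for a GVRP frame received on switch port `port`."""
    vids = gvrp_joins(frame)
    alerts = []
    if vids and port not in gvrp_ports:
        alerts.append(f"port {port}: GVRP join on a port with no GVRP neighbor")
    for vid in vids:
        if vid in restricted_vids:
            alerts.append(f"port {port}: join requested for restricted VID {vid}")
    return alerts

# Constructed sample frame: JoinIn for VID 10 and VID 100 (source MAC is made up).
SAMPLE = (GVRP_DST + bytes.fromhex("020000000001") + struct.pack("!H", 16)
          + b"\x42\x42\x03" + b"\x00\x01"
          + b"\x01" + b"\x04\x02\x00\x0a" + b"\x04\x02\x00\x64" + b"\x00\x00")

if __name__ == "__main__":
    for line in audit(SAMPLE, port=7, gvrp_ports={1, 2}, restricted_vids={100}):
        print(line)
```

An alert for a port outside `gvrp_ports` points to a port where GVRP should be turned off; an alert for a restricted VID points to a VLAN that is better served by a static assignment.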
