trunking allows to happen. It says every VLAN can use this link. This is great if that is what you want. But let us say that is not what you want. You only want certain VLANs to cross the trunk. This requires additional configuration. The default behavior is to use DTP (Dynamic Trunking Protocol). This means it seeks to trunk with another switch by default without any administrative intervention. This can be OK if that is what you want, but it's not good if you wanted to allow only certain VLANs to cross the trunk.
So let's say an unauthorized (but skilled) user plugs another switch into the trunk and has an understanding of STP and the default action of DTP. He changes the priority number of the switch to 24259. The foreign device that is unauthorized will now become the root bridge in that STP domain. Also, he sees packets from every VLAN on his trunk link. Is this something you desire to happen or not?
I would say this is not good practice or good behavior, so that is why I say this isn't good. Let me know if I'm answering the question you've asked... or just one that I've made up in my head thinking it's the question you've asked!
*if the post above has answered the question, please mark the topic as solved.
**All "answers" and responses are offered "as is" and my opinion. There is no implied support or guarantee by the ITProTV team.