What security risk does a VTP client mode present?

Study for the CCNP 350-401 Exam. Dive into multiple choice questions with hints and detailed explanations. Prepare yourself thoroughly for the certification with our comprehensive test materials.

A VTP (VLAN Trunking Protocol) client operates in a mode where it can receive VLAN information from VTP servers but cannot propagate its own VLAN information. The main security risk associated with VTP client mode is the possibility of a client inadvertently overwriting a VTP server’s configuration if it receives a VTP message that contains a higher revision number.

When a VTP server adds or modifies VLAN information, it increments the revision number for that configuration. Since VTP clients accept the VLAN configuration updates based on the revision number, a client could, in theory, present a higher revision number that leads to the server's configurations being overwritten. This can result in data loss or network misconfiguration, as the server's VLAN information is replaced by that of the client, potentially disrupting the overall network topology.

This risk underscores the importance of securing VLAN configurations, properly allocating device roles within the network (ensuring servers are not inappropriately set), and monitoring VTP message exchanges to prevent malicious activity or configuration mistakes that could lead to significant network issues.
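One way to check device roles and revision numbers before they cause an overwrite, as an added example that is not part of the original page: the script reads `show vtp status` text collected from each switch and flags any participating switch whose configuration revision exceeds the highest server revision in its domain. The hostnames, domain names and outputs are constructed samples, trimmed to the three lines the parser reads.

```python
import re

# Lines read from Cisco IOS `show vtp status`; everything else is ignored.
FIELDS = {
    "domain": re.compile(r"^VTP Domain Name[ \t]*:[ \t]*(\S*)", re.M),
    "mode": re.compile(r"^VTP Operating Mode[ \t]*:[ \t]*(.+?)[ \t]*$", re.M),
    "revision": re.compile(r"^Configuration Revision[ \t]*:[ \t]*(\d+)", re.M),
}

def parse_vtp_status(text):
    """Extract domain, mode and revision from one switch's output."""
    rec = {}
    for name, rx in FIELDS.items():
        m = rx.search(text)
        if m is None:
            raise ValueError(f"missing field: {name}")
        rec[name] = m.group(1)
    rec["mode"] = rec["mode"].strip().lower()
    rec["revision"] = int(rec["revision"])
    return rec

def audit(outputs):
    """Return (host, reason) for switches whose revision could displace the server's."""
    parsed = {h: parse_vtp_status(t) for h, t in outputs.items()}
    findings = []
    for domain in sorted({p["domain"] for p in parsed.values()}):
        members = sorted((h, p) for h, p in parsed.items() if p["domain"] == domain)
        servers = [p["revision"] for _, p in members if p["mode"].endswith("server")]
        baseline = max(servers, default=None)
        for host, p in members:
            if p["mode"] in ("transparent", "off"):
                continue  # these modes do not synchronise the VLAN database
            if baseline is None:
                findings.append((host, f"no server collected for domain {domain!r}"))
            elif p["revision"] > baseline:
                findings.append((host, f"{p['mode']} revision {p['revision']} "
                                       f"exceeds server revision {baseline}"))
    return findings

def status(domain, mode, rev):
    """Build a constructed, trimmed `show vtp status` output for the sample."""
    return (f"VTP Domain Name                 : {domain}\n"
            f"VTP Operating Mode                : {mode}\n"
            f"Configuration Revision            : {rev}\n")

# Constructed sample data: hostnames, domains and revisions are invented.
SAMPLE = {"core-sw1": status("CAMPUS", "Server", 14), "access-sw2": status("CAMPUS", "Client", 14),
          "edge-sw3": status("CAMPUS", "Transparent", 0), "lab-sw9": status("CAMPUS", "Client", 37),
          "spare-sw5": status("LAB", "Client", 2)}
```

Running `audit(SAMPLE)` reports `lab-sw9`, a client carrying revision 37 against the server's 14, and `spare-sw5`, whose domain has no server in the collected set to compare against.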
