Re: [fw-wiz] Layer 2 (stealth) firewalls - PBR?

Inaki, what vendor, which switch? Do you have a URL for us?
I still wonder: what is layer 2 PBR? What are its uses?
How does it function? Can you give us a good example, or
point us to a web site/document with a good example?

We've heard a lot of speculation, originated by some people
who were wondering themselves if such a thing was possible,
used by anyone, and what uses they were making of it.

So far, you are the only one to answer the original question!
(other than me speculating that it is not possible, nobody is using it,
and asking if anyone knows better.)

Glad you spoke up!

-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx]On Behalf Of
Iñaki Arenaza
Sent: Saturday, April 05, 2008 3:38 PM
To: firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
Subject: [fw-wiz] Layer 2 (stealth) firewalls - PBR?

"Darden," == Darden, Patrick S <darden@xxxxxxxx> writes:

Darden,> Layer 2, unlike IP, is on a flat fabric. There are no
Darden,> routers, no routing protocols, it is bridged. Every
Darden,> point on the fabric knows every other point on the
Darden,> fabric.

While not expert on the subject, I know of a switch vendor that is
adding PBR at layer 2 to their gear. They usually deal with some Layer
2 protocols (use in special industrial environments), and they want to
control where those Layer 2 packets go (output port) depending on
several factors like being unicast/multicast/broadcast, coming/going
to certain MAC addresses/addresses groups, etc.

So while not widely used, there are people doing 'crazy' stuff like

Saludos. Iñaki.

Get PGP/GPG Keys at
I use free software / Yo uso software libre
firewall-wizards mailing list
firewall-wizards mailing list