FW: jeckyl hyde network
From: crawford charles (biv0uac17@hotmail.com)
Date: 04/17/03
- Previous message: Bill Martin: "Re: [unisog] Zenworks"
- Maybe in reply to: Mada Dulate: "jeckyl hyde network"
- Next in thread: Lee Burleson: "re: jeckyl hyde network"
From: "crawford charles" <biv0uac17@hotmail.com>
To: jpastore@idetech.ne
Date: Thu, 17 Apr 2003 17:46:38 +0000
Lotsa folks supported "Etherspan" (balanced by src/dst MAC/IP address hash)
-- it just wasn't that popular a feature...
C.
From: Jon Pastore [mailto:jpastore@idetech.net]
Sent: Wednesday, April 16, 2003 2:54 PM
To: 'Lee Burleson'; madadulate@hotmail.com;
security-basics@securityfocus.com
Subject: RE: jeckyl hyde network
Another good product priced a little better with more expandability is
the HP Procurve 8000 I switched to those from the Catalyst 2900 XL I was
using...only advantage you get with Cisco I think they are the only one
who support this protocol (etherlan? I forget) basically you can take 2
or 3 ports on both switches and load balance between them to effectively
create a larger pipe between switches without getting a split horizon or
something of the like...this was before gigabit was big and cheaper than
it was...so we had 300Mb pipes between some of our switches...
Now we just have 2 HP Procurve 8000 1 with 5 gigabit ports (1 for each
switch) and 1 with 72 10/100 ports and 1 gigabit...and some smaller dell
24 port 10/100 with 1 gigabit...
Before I got off on that tangent =) I think the HP Procurve also supports
the VLAN from an easy to use web interface if I remember correctly...
Jon Pastore, President
IDE Tech, Inc.
(954) 360-0393 Office
(954) 428-0442 Fax
-----Original Message-----
From: Lee Burleson [mailto:lburleso@hotmail.com]
Sent: Wednesday, April 16, 2003 9:49 AM
To: madadulate@hotmail.com; security-basics@securityfocus.com
Subject: re: jeckyl hyde network
You said you have a Cisco 2900 switch ... as part of the
solution, you may be able to use private VLANs to divide the
trusted and untrusted ports. The local router would be on a
"promiscuous" port.
In this configuration, the nodes in each community can only
communicate amongst themselves but the router could communicate
with all ports.
Here's a great link to explain the concept:
http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_guide_chapter09186a00800e47e2.html
Not sure if the 2900 even supports it; it may need a software
upgrade to do so. If it doesn't support it, you could still
learn something in the process. :)
- Lee