Re: ARP Spoof Question

From: Martin Brecher (listuser_at_mb-itconsulting.com)
Date: 07/25/03

  • Next message: Tim Donahue: "RE: Cisco Workaround" 
    Date: Fri, 25 Jul 2003 19:33:23 +0200
To: The Fueley <TheFueley@satx.rr.com>

    The Fueley wrote:
    >
    > How would that apply to a layer 3 switch/router? Actually the packaging says
    > that I have a Residential Gateway/Router/Firewall. Aren't gateways layer 7
    > devices? While switches are layer 2 devices, they deal with MAC addresses
    > right? Maybe a "smart" switch knows which MAC addresses are allowed on the
    > network? Or am I missing it all here?

    Most modern managed switches allow you to limit the number of MAC
    addresses the switch learns on each port. This way you can assign a
    specific NIC to a sepcific switch port, as well as disallow any unwanted
    traffic.

    Cabletron (now Enterasys) had a nice technique known as
    SecureFastSwitching (which is nowadays partially resembled by the VLAN,
    Link Aggregation and STP standards), which made some decent VLANing
    possible.

    For example:
    VLAN #1 with all corporate-public servers and VLAN #2 with all the
    confidential servers.
    When a new station gets deployed it gets added to VLAN #1 by the IT staff.
    All unknown stations are completely kept of the network.
    Only people with a higher clearance level (i.e. the managers who need
    access to the confidential finance server) get added to VLAN#2.
    Other ideas are to keep the switches own network-accessible management
    ports in another VLAN only accessible by the IT staff. And another VLAN
    for the Quake servers, of course :-)

    Greetings,
    Martin 

    -- 
"History has shown us, that strength may be useless,
when faced with terrorism." -- Jean-Luc Picard
PGP/GPG key at http://www.stupid-design.com/martin/publickey.asc
---------------------------------------------------------------------------
----------------------------------------------------------------------------
  • Next message: Tim Donahue: "RE: Cisco Workaround"

    Relevant Pages

    • FW: Best VLAN supporting Switch
      ... you must install a router which interconnects each VLAN. ... Layer 3 switches tends to be very costly. ... The switches are about $1200 and the layer 3 module is $1400. ... node network with 200+ cisco switch's using multiple vlan's. ...
      (Security-Basics)
    • Re: Help configuring Point-To-Point T1
      ... How are you connecting the 3560 to the external CSU/DSU? ... Are you wanting to create a VLAN trunk between the two switches? ... Bunch of PCs that need server access to the servers at Office 1 ...
      (comp.dcom.sys.cisco)
    • NLB with Catalyst switches
      ... I have recent upgraded my network and deployed Cisco switches with VLAN, ... sniffs I was able to determine the problem was my 2 NLB TS servers. ...
      (microsoft.public.windows.server.clustering)
    • Re: Configuring Cisco IPS High Bandwidth Using EtherChannel Load Balancing
      ... VLAN Pair mode uses one interface only and this is the only supported ... The ECLB feature allows you to load balance upto eight Cisco IPS ... All ports will be part of the same etherchannel ... All servers are connected to the backbone switches via another ...
      (Focus-IDS)
    • Re: To VLAN or NOT!
      ... oppossed to router on a stick. ... but it might be a good idea just to VLAN the servers. ... Also using Linksys VLAN capable switches to trunk to an ASA, ...
      (comp.dcom.sys.cisco)
    • Quantcast