From: Joseph Ezerski (jezerski@xxxxxxxxxxxx)
Date: Fri Oct 12 2001 - 19:27:03 GMT-3
This may be entirely useless to you, but the Cat 6509 switch with a PFC
matches EVERY packet up to layer 4. This lets you do VACLs on the switch
itself at wire speed. We use them to stop rogue DHCP servers from taking
over the LAN.
-Joe
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Kenny Sallee
Sent: Friday, October 12, 2001 3:05 PM
To: 'louie kouncar'; ccielab@groupstudy.com
Subject: RE: A firewall Question
It can't be a pure L2 device and still filter anything above it. It may be
set up like it's a bridge, which I have seen before (I can't remember the
name/type of the firewall). But it still filters packets based on L3, 4 and
7 information, else there would be no way to filter. I guess it's a matter
of definition. If the box is a bridge and sits like this:
router
|
| ---> Subnet 192.168.1.0/24
|
L2 firewall
|
| ---> Subnet 192.168.1.0/24
|
Router
|
------- > Internal Segment
Then it's a layer 2 device that's smart enough to look at, and react to, L3-7
packets. Not a true L2 firewall (or it'd only filter on MAC, right). Just
my opinion of course.
Kenny
-----Original Message-----
From: louie kouncar [mailto:lkouncar@UU.NET]
Sent: Friday, October 12, 2001 10:02 AM
To: ccielab@groupstudy.com
Subject: A firewall Question
All,
I have been working with Check Point firewall for a while, and just today I
heard a guy say that there is a kind of firewall that is a layer 2 device.
Can anyone comment on that, please?
Thank you
Louie J. Kouncar CCIE #7994
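
Added example (not part of the original thread and not any poster's or vendor's code): a Python model of a device that bridges Ethernet frames like an L2 box but decides on L3/L4 fields, using the rogue DHCP server case mentioned in the thread. The server address 192.168.1.10, the names filter_frame and build_frame, and the "UDP 67 -> 68 only from the authorized server" rule are assumptions made for this illustration; it models the filtering logic only and is not switch VACL syntax.

```python
import ipaddress
import struct

# Assumption for this example: the one legitimate DHCP server on the VLAN.
AUTHORIZED_DHCP_SERVERS = {ipaddress.ip_address("192.168.1.10")}

def filter_frame(frame: bytes) -> str:
    """Bridge one Ethernet II frame, deciding on fields up to layer 4."""
    if len(frame) < 14:
        return "drop"                              # runt, no full L2 header
    ethertype, offset = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100:                        # 802.1Q tag: skip 4 bytes
        if len(frame) < 18:
            return "drop"
        ethertype, offset = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != 0x0800:
        return "forward"                           # ARP etc. bridged as-is
    ip = frame[offset:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return "drop"                              # malformed IPv4 header
    ihl = (ip[0] & 0x0F) * 4
    fragment_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if ip[9] != 17 or fragment_offset != 0:
        return "forward"                           # not UDP, or no L4 header here
    if ihl < 20 or len(ip) < ihl + 8:
        return "drop"                              # truncated UDP header
    src_port, dst_port = struct.unpack("!HH", ip[ihl:ihl + 4])
    src_ip = ipaddress.ip_address(ip[12:16])
    # DHCP server-to-client traffic is UDP 67 -> 68; allow it only from the
    # authorized server, which is what blocks a rogue server's offers.
    if (src_port, dst_port) == (67, 68) and src_ip not in AUTHORIZED_DHCP_SERVERS:
        return "drop"
    return "forward"

def build_frame(src_ip: str, sport: int, dport: int, vlan=None) -> bytes:
    """Construct a minimal broadcast UDP frame (sample data, checksums zero)."""
    eth = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01"
    if vlan is not None:
        eth += struct.pack("!HH", 0x8100, vlan)
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     ipaddress.ip_address(src_ip).packed, b"\xff" * 4)
    return eth + struct.pack("!H", 0x0800) + ip + udp
```

Client requests (UDP 68 -> 67) and non-IP frames pass untouched, so the device stays invisible at layer 3 while still enforcing a layer 4 rule.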