From: Stong, Ian C [GMG] (Ian.C.Stong@mail.sprint.com)
Date: Wed Feb 12 2003 - 17:17:16 GMT-3
Would pvlans (private vlans) address these problems? Also the trunk
vulnerability is addressed by assigning the trunk to its own vlan.
Additional security can be implemented with port security, specific MAC
filtering to each port, ACLs, shutting down ports not used, using out of
band management, etc. Seems you can secure a switch if you really try.....
Ian
www.ccie4u.com
Rack Rentals and Lab Scenarios
-----Original Message-----
From: Richard Davidson [mailto:rich@myhomemail.net]
Sent: Wednesday, February 12, 2003 2:41 PM
To: Trevor Angus; security@groupstudy.com
Cc: ccielab@groupstudy.com
Subject: Re: How Secure is Layer 2 ???
When the CAM table is full the switch will forward
traffic out all ports. So if a hacker was able to
fill up the CAM table the vlan would do nothing.
--- Trevor Angus <trevor.angus@t-systems.co.za> wrote:
> Here is an interesting question. I want to configure
> a Pix FW to provide a
> controlled connection between 2 Vlans on a switch
> (Cisco 3550 or 6500).
> There is no layer 3 routing enabled for the
> "outside" interface vlan so in
> theory there should be no way to break out of that
> vlan.
>
> In theory I can't see a problem but perhaps I'm
> missing something???
>
> Cheers
> Trevor
> .
>
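The exchange above, as an added example that is not part of the original thread: a toy Python model of a learning switch, showing the flooding Richard describes once the CAM table is full and how a per-port MAC limit, as in the port security Ian mentions, contains it. The table size, port numbers, MAC addresses and the shut-the-port violation action are constructed assumptions, not the behaviour of a specific 3550 or 6500 configuration.

```python
# Added example: toy learning switch. Sizes, ports and MACs are constructed.
class Switch:
    def __init__(self, ports, cam_size, max_macs_per_port=None):
        self.ports = list(ports)
        self.cam_size = cam_size
        self.limit = max_macs_per_port   # None models "no port security"
        self.cam = {}                    # learned source MAC -> port
        self.err_disabled = set()        # ports shut down after a violation

    def _flood(self, in_port):
        return [p for p in self.ports
                if p != in_port and p not in self.err_disabled]

    def receive(self, in_port, src, dst):
        """Process one frame; return the list of ports it is sent out of."""
        if in_port in self.err_disabled:
            return []
        if src not in self.cam:
            on_port = sum(1 for p in self.cam.values() if p == in_port)
            if self.limit is not None and on_port >= self.limit:
                # Assumed violation action: shut the port, flush its entries.
                self.err_disabled.add(in_port)
                self.cam = {m: p for m, p in self.cam.items() if p != in_port}
                return []
            if len(self.cam) < self.cam_size:
                self.cam[src] = in_port  # learning stops once the table is full
        out = self.cam.get(dst)
        if out is None:
            return self._flood(in_port)  # unknown destination: flood
        return [] if out == in_port else [out]


def run(max_macs_per_port):
    """Port 3 presents many source MACs, then hosts on ports 1 and 2 talk."""
    sw = Switch([1, 2, 3], cam_size=8, max_macs_per_port=max_macs_per_port)
    for i in range(20):
        sw.receive(3, f"02:00:00:00:00:{i:02x}", "ff:ff:ff:ff:ff:ff")
    a, b = "00:aa:00:00:00:01", "00:bb:00:00:00:02"
    return sw.receive(1, a, b), sw.receive(2, b, a), sw


if __name__ == "__main__":
    for limit in (None, 2):
        a_to_b, b_to_a, sw = run(limit)
        print(f"limit={limit}: A->B out {a_to_b}, B->A out {b_to_a}, "
              f"err-disabled {sorted(sw.err_disabled)}")
```

Without a limit, both directions of the conversation between ports 1 and 2 are also copied to port 3; with the limit, port 3 is shut down on the violation and the hosts are learned normally.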
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:20 GMT-3