RE: Switch Network Design Question

From: Church, Chuck (cchurch@netcogov.com)
Date: Thu Nov 03 2005 - 00:42:56 GMT-3


It's important to note that Cisco has added a lot of security-type
features to the switches recently. VACLs, port security, control plane
rate limiting, etc. can all be used to mitigate malicious activity like
MAC address flooding, rogue DHCP servers, etc. The 3560 is chock-full
of goodies!

Chuck Church
Lead Design Engineer
CCIE #8776, MCNE, MCSE
Netco Government Services - Design & Implementation Team
1210 N. Parker Rd.
Greenville, SC 29609
Home office: 864-335-9473
Cell: 864-266-3978
cchurch@netcogov.com
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Scott Morris
Sent: Wednesday, November 02, 2005 8:07 PM
To: 'CCIEin2006'; 'bud selig'
Cc: 'Cisco certification'
Subject: RE: Switch Network Design Question

And that would be another method. But VLAN hopping and auto-trunking
aren't a switch vulnerability in my opinion. They are an administrative
or design vulnerability.

If you continually leave your front door unlocked and standing open,
whose fault is it when you get robbed? The door is inherently designed
to allow access.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
CCIEin2006
Sent: Wednesday, November 02, 2005 4:36 PM
To: bud selig
Cc: Cisco certification
Subject: Re: Switch Network Design Question

Check out this link on VLAN hopping:

http://searchsecurity.techtarget.com/sDefinition/0,290660,sid14_gci1122494,00.html

On 11/2/05, bud selig <bud4bud@gmail.com> wrote:
>
> Thanks for all the responses on this. They were very helpful.
>
>
> On 11/2/05, bud selig <bud4bud@gmail.com> wrote:
> >
> > Hello,
> >
> > I was wondering what everyone's thoughts were on having a single
> > switch house the outside, inside, DMZ VLANs. I prefer to keep the
> > inside VLAN on a different physical switch for a more secure
> > environment.
> >
> > Thanks
>
> ______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:05 GMT-3