Re: Please confirm (conf#3a3ee5d695ce8ac5673ec51313a35a42)

From: James Ventre (messageboard@ventrefamily.com)
Date: Sat Aug 19 2006 - 20:27:19 ART

• Next message: Joshua: "IEWB Lab 11 4.7 Verification Question"
• Previous message: Victor Cappuccio: "RE: Please confirm (conf#3a3ee5d695ce8ac5673ec51313a35a42)"
• Maybe in reply to: James Nendel: "Re: Please confirm (conf#3a3ee5d695ce8ac5673ec51313a35a42)"
• Next in thread: James Ventre: "Re: Please confirm (conf#3a3ee5d695ce8ac5673ec51313a35a42)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I disagree, it does provide some security.

In a free-for-all environment, like a vendor access network, it's common
to nail up ARP entries so that one can't attract another's traffic (for
nefarious purposes - essentially flooding of gratuitous ARPs with the
wrong MAC). I'd argue, that VPNs are a better solution, but sometimes
security runs the show (and they're too worried about not "seeing" the
traffic).

 Also keep in mind that Private VLANs on 6500s use Sticky ARP (for a
reason)!

James

Victor Cappuccio wrote:
> Hi there Leigh, Static Arp does not provide security, they simply provide
> an optimization of the ARP table.
>
> http://www.groupstudy.com/archives/ccielab/200608/msg00088.html
>
> HTH
> Victor.-

• Next message: Joshua: "IEWB Lab 11 4.7 Verification Question"
• Previous message: Victor Cappuccio: "RE: Please confirm (conf#3a3ee5d695ce8ac5673ec51313a35a42)"
• Maybe in reply to: James Nendel: "Re: Please confirm (conf#3a3ee5d695ce8ac5673ec51313a35a42)"
• Next in thread: James Ventre: "Re: Please confirm (conf#3a3ee5d695ce8ac5673ec51313a35a42)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:57 ART