RE: Please confirm (conf#3a3ee5d695ce8ac5673ec51313a35a42)

From: Victor Cappuccio (cvictor@protokolgroup.com)
Date: Sat Aug 19 2006 - 22:48:50 ART


Hi..

James, so the solution for this question is?

I nailed up the MAC with the IP address to a port, and I changed the IP
address to a secondary address range and could still receive traffic.

Thanks
Victor.-

-----Original Message-----
From: James Ventre [mailto:messageboard@ventrefamily.com]
Sent: Saturday, August 19, 2006 07:27 p.m.
To: Victor Cappuccio
CC: 'Leigh Harrison'; 'James Nendel'; 'Cisco certification'
Subject: Re: Please confirm (conf#3a3ee5d695ce8ac5673ec51313a35a42)

I disagree, it does provide some security.

In a free-for-all environment, like a vendor access network, it's common
to nail up ARP entries so that one can't attract another's traffic (for
nefarious purposes - essentially flooding of gratuitous ARPs with the
wrong MAC). I'd argue that VPNs are a better solution, but sometimes
security runs the show (and they're too worried about not "seeing" the
traffic).

Also keep in mind that Private VLANs on 6500s use Sticky ARP (for a
reason)!

James

Victor Cappuccio wrote:
> Hi there Leigh, Static ARP does not provide security, it simply provides
> an optimization of the ARP table.
>
> http://www.groupstudy.com/archives/ccielab/200608/msg00088.html
>
> HTH
> Victor.-



This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:57 ART