AW: Authenticating SSH login on a Cisco IOS switch to AD

Brett Littrell Blittrell at musd.org
Wed Feb 9 21:49:24 CET 2011


Ya, you're right, I meant the CAM table. Flooding the CAM table with MAC addresses caused all the traffic to broadcast to all ports. My bad, but it is/was a fundamental flaw in the way switches work. I know Cisco had a fix out for it, but it did not work with dot1x and DVlans.
 
The moral of the story is that VLANs are not the end security stop-gap; they are just one layer to keep the casual hacker at bay, just as the hidden SSID does.
 
Thanks for the correction, Brian.
  
 
> It sounds like you have pretty broken switches then. VLANs are always
> separate, floods or no floods.
> 
> Also, true switches don't care about ARP at all (as opposed to "layer 3
> switches").
> 
> Regards,
> 
> Brian.

 
 

Brett Littrell
Network Manager
MUSD
CISSP, CCSP, CCVP, MCNE