Ya, your right, I meant the CAM table. flooding the CAM table with MAC addresses caused all the traffic to broadcast to all ports. My bad, but it is/was a fundamental flaw in the way switches work, I know Cisco had a fix out for it but it did not work with dot1x and DVlans. The moral of the story is that vlans are not the end security stop-gap, they are just one layer to keep the casual hacker at bay, just as the hidden SSID does. Thanks for the correction Brian.
It sounds like you have pretty broken switches then. VLANs are always separate, floods or no floods.
Also, true switches don't care about ARP at all (as opposed to "layer 3 switches").
Regards,
Brian. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Brett Littrell Network Manager MUSD CISSP, CCSP, CCVP, MCNE