AW: Authenticating SSH login on a Cisco IOS switch to AD
Brett Littrell
Blittrell at musd.org
Wed Feb 9 21:49:24 CET 2011
Ya, you're right, I meant the CAM table. Flooding the CAM table with MAC addresses caused all the traffic to broadcast to all ports. My bad, but it is/was a fundamental flaw in the way switches work. I know Cisco had a fix out for it, but it did not work with dot1x and DVlans.
The moral of the story is that VLANs are not the end security stop-gap; they are just one layer to keep the casual hacker at bay, just as the hidden SSID does.
Thanks for the correction, Brian.
> It sounds like you have pretty broken switches then. VLANs are always
> separate, floods or no floods.
>
> Also, true switches don't care about ARP at all (as opposed to "layer 3
> switches").
>
> Regards,
>
> Brian.
Brett Littrell
Network Manager
MUSD
CISSP, CCSP, CCVP, MCNE