Cord MacLeod wrote:
> Would it be a reasonable solution to static arp a gateway on a Cisco
> L3 switch to prevent a user from taking over the gateway? So assuming
> you have HSRP running on 2 layer 3 switches and they share a gateway
> of 10.0.0.1 with switch one's address being 10.0.0.2 and two's address
> being 10.0.0.3 would it be reasonable to static arp each of these
> addresses to each switch?

a better solution would be to enable Dynamic ARP Inspection (DAI) on
your Cisco L3 switch.
"best practice" would be to enable various other integrated security
features to protect against other DoS, flooding, spoofing, starvation
attack vectors.
cheers,
lincoln.
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
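
A minimal Dynamic ARP Inspection configuration for the setup discussed in this thread, added here as an example; it is not from either poster. VLAN 10 and the interface names are assumptions, and the addresses 10.0.0.1 to 10.0.0.3 are the ones given in the question.

```cisco
! Added example: VLAN 10 and all interface names are assumptions.
! DAI validates ARP against the DHCP snooping binding table,
! so DHCP snooping is enabled first.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Inspect ARP on the user VLAN and validate the MAC and IP fields.
ip arp inspection vlan 10
ip arp inspection validate src-mac dst-mac ip
!
! Explicitly drop and log any ARP arriving on an untrusted port that
! claims the HSRP virtual address or either switch's own address.
! Other senders fall through to the DHCP snooping bindings.
arp access-list GATEWAY-GUARD
 deny ip host 10.0.0.1 mac any log
 deny ip host 10.0.0.2 mac any log
 deny ip host 10.0.0.3 mac any log
ip arp inspection filter GATEWAY-GUARD vlan 10
!
! Link to the HSRP peer switch: trusted, so its ARP is not inspected.
! DHCP snooping trust assumes the DHCP server is reached via this link.
interface GigabitEthernet1/0/1
 description link to HSRP peer (assumed port)
 ip dhcp snooping trust
 ip arp inspection trust
!
! User-facing port: untrusted by default, with ARP rate limiting.
interface GigabitEthernet1/0/10
 description user access port (assumed port)
 switchport mode access
 switchport access vlan 10
 ip arp inspection limit rate 15
!
! Verification commands:
!  show ip arp inspection vlan 10
!  show ip dhcp snooping binding
```

Statically addressed hosts on untrusted ports have no snooping binding and need their own permit entries in the ARP access list.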