On 6/19/07, Greg Hennessy <[EMAIL PROTECTED]> wrote:
> > Mixing different trust levels on the same switch is rather frowned upon.
>
> Because of potential vulnerabilities in the switch OS, allowing an
> attacker to reassign VLANs?
Yes. The switch may be in a locked cabinet/cage, but never say never when it
comes to internet-facing equipment.
Things like setting protected ports, etc., are essential in this scenario.
Low-end switches have a tendency to not have enough RAM or CPU to
handle a high-volume MAC spoofing attack and will usually end up
turning into a hub under this kind of attack, rendering your VLANs
useless. Plus, you are relying on software to keep your network
segregated; physical separation is easier to keep the paranoia down ;)
--Bill
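
As an added example (not part of the original post): one way to notice the MAC flood described above before a switch's address table fills is to count how many previously unseen source MACs each port learns per time window. The event tuples, thresholds and the name `flooding_ports` are assumptions constructed for illustration, not output from any real switch.

```python
from collections import defaultdict, deque

# Constructed sample events: (time in ms, switch port, source MAC seen on that port).
# Ports 1 and 2 look like ordinary hosts; port 3 presents a new source MAC
# every 10 ms, the pattern that exhausts a small switch's address table.
SAMPLE_EVENTS = (
    [(0, 1, "00:11:22:33:44:01"), (500, 2, "00:11:22:33:44:02")]
    + [(1000 + i * 10, 3, "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF))
       for i in range(300)]
    + [(5000, 1, "00:11:22:33:44:01"), (6000, 2, "00:11:22:33:44:03")]
)


def flooding_ports(events, window_ms=2000, max_new_macs=50):
    """Return {port: peak} for ports that learned more than max_new_macs
    previously unseen source MACs within any window_ms span.

    peak is the largest number of new MACs observed in one window.
    """
    known = defaultdict(set)      # port -> every MAC already seen there
    recent = defaultdict(deque)   # port -> times of first sightings in window
    peak = {}
    for ts, port, mac in sorted(events):
        if mac in known[port]:
            continue              # repeat traffic from a known host
        known[port].add(mac)
        q = recent[port]
        q.append(ts)
        # Drop first sightings that have aged out of the sliding window.
        while q and ts - q[0] > window_ms:
            q.popleft()
        if len(q) > max_new_macs:
            peak[port] = max(peak.get(port, 0), len(q))
    return peak


if __name__ == "__main__":
    for port, count in flooding_ports(SAMPLE_EVENTS).items():
        print("port %d: %d new source MACs within 2 s" % (port, count))
```

On a switch, the per-port equivalent of this threshold is a limit on learned MAC addresses, which is the kind of port-level setting the post calls essential.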