Bill Marquette wrote:
> Low end switches have a tendency to not have enough ram or cpu to
> handle a high volume mac spoofing attack and will usually end up
> turning into a hub under this kind of attack, rendering your vlans
> useless.

Any switch's CAM table can be overflowed by directly connected users,
but good switches won't fully turn into a hub in that scenario. Good
switches keep one CAM table per VLAN, and in the case of overflow, only
the overflowed VLAN turns into a hub, and only on the ports it's
configured on. I know Cisco switches do this properly, from personal
experimentation and reading other sources that confirm the same. I can't
vouch one way or another for any other switch vendors.
I have no doubt some (maybe many) switches behave exactly as Bill
described, and it's difficult for most people to perform the type of
testing required to validate a VLAN switch config and determine what
"bad things" can be done to said config. Be careful with VLANs, but
also don't be completely averse to using them. Whether or not to trust
them, and for what particular usage, will vary depending on your
environment and level of risk tolerance.
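As an added illustration of the point made above about per-VLAN CAM tables (this is a toy model written for this page, not code from the thread or from any switch vendor), the following Python script simulates a switch with a separate, fixed-size forwarding table per VLAN. The topology, port names, MAC addresses and table size are all constructed; the eviction policy (oldest entry dropped when the table is full) stands in for real aging behaviour, which varies by vendor. It shows the two consequences the reply describes: once VLAN 10's table is overflowed, unknown-destination frames in VLAN 10 are flooded to VLAN 10's ports only, while VLAN 20 keeps forwarding unicast normally; and with a port-security style limit on MACs per port, the offending port is shut down before the table overflows at all.

```python
from collections import OrderedDict

# Constructed sample topology: two VLANs, five access ports, two hosts each.
PORTS_BY_VLAN = {10: ["Gi1", "Gi2", "Gi3"], 20: ["Gi4", "Gi5"]}
HOST_A, HOST_B = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02"  # VLAN 10 on Gi1 / Gi2
HOST_C, HOST_D = "cc:cc:cc:00:00:01", "cc:cc:cc:00:00:02"  # VLAN 20 on Gi4 / Gi5


class VlanAwareSwitch:
    """Model of a switch that keeps one CAM (MAC -> port) table per VLAN."""

    def __init__(self, ports_by_vlan, cam_capacity, max_macs_per_port=None):
        self.ports_by_vlan = ports_by_vlan
        self.cam_capacity = cam_capacity            # entries per VLAN table
        self.max_macs_per_port = max_macs_per_port  # None = no port-security limit
        self.cam = {vlan: OrderedDict() for vlan in ports_by_vlan}
        self.macs_seen_on_port = {}
        self.err_disabled = set()

    def learn(self, vlan, src_mac, in_port):
        """Learn src_mac on in_port; return False if the frame must be dropped."""
        if in_port in self.err_disabled:
            return False
        if self.max_macs_per_port is not None:
            seen = self.macs_seen_on_port.setdefault(in_port, set())
            if src_mac not in seen and len(seen) >= self.max_macs_per_port:
                # Port-security violation: shut the port instead of learning more.
                self.err_disabled.add(in_port)
                return False
            seen.add(src_mac)
        table = self.cam[vlan]
        if src_mac in table:
            table.move_to_end(src_mac)  # refresh the entry's age
        elif len(table) >= self.cam_capacity:
            table.popitem(last=False)   # full: evict the oldest entry (simplified aging)
        table[src_mac] = in_port
        return True

    def forward(self, vlan, src_mac, dst_mac, in_port):
        """Return the list of egress ports for a frame; [] means dropped."""
        if not self.learn(vlan, src_mac, in_port):
            return []
        out_port = self.cam[vlan].get(dst_mac)
        if out_port is not None:
            return [out_port]                      # known unicast
        # Unknown unicast is flooded, but only to ports in this VLAN.
        return [p for p in self.ports_by_vlan[vlan] if p != in_port]


def fill_table(switch, vlan, in_port, count):
    """Model `count` distinct (constructed) source MACs arriving on one port."""
    for i in range(count):
        mac = "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF)
        switch.learn(vlan, mac, in_port)


def run_scenario(max_macs_per_port=None):
    """Return (before, after) forwarding decisions around a VLAN 10 table overflow."""
    sw = VlanAwareSwitch(PORTS_BY_VLAN, cam_capacity=4,
                         max_macs_per_port=max_macs_per_port)
    # Normal traffic: each VLAN learns its two hosts.
    sw.forward(10, HOST_A, HOST_B, "Gi1")
    sw.forward(10, HOST_B, HOST_A, "Gi2")
    sw.forward(20, HOST_C, HOST_D, "Gi4")
    sw.forward(20, HOST_D, HOST_C, "Gi5")
    before = {"v10": sw.forward(10, HOST_B, HOST_A, "Gi2"),
              "v20": sw.forward(20, HOST_D, HOST_C, "Gi5")}
    # Ten unknown source MACs on Gi3 in VLAN 10: more than the 4-entry table holds.
    fill_table(sw, 10, "Gi3", 10)
    after = {"v10": sw.forward(10, HOST_B, HOST_A, "Gi2"),
             "v20": sw.forward(20, HOST_D, HOST_C, "Gi5"),
             "gi3_err_disabled": "Gi3" in sw.err_disabled}
    return before, after


if __name__ == "__main__":
    for limit in (None, 1):
        before, after = run_scenario(limit)
        print("max MACs per port:", limit)
        print("  before overflow:", before)
        print("  after overflow: ", after)
```

Without a per-port limit, the run shows VLAN 10 traffic from B to A going from a single port (Gi1) to a flood of Gi1 and Gi3 after the overflow, while VLAN 20 traffic stays on Gi4; with a limit of one MAC per port, Gi3 is err-disabled on its second address and VLAN 10 never degrades. The model deliberately ignores trunk ports and shared-table implementations, which is exactly the situation where a switch can fall back to hub behaviour across VLANs.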