On Wed, Jun 20, 2007 at 01:50:10PM -0400, Chris Buechler wrote:

> Any switch's CAM table can be overflowed by directly connected users, 
> but good switches won't fully turn into a hub in that scenario. Good 
> switches keep one CAM table per VLAN, and in the case of overflow, only 
> the overflowed VLAN turns into a hub and only on the ports it's 
> configured. I know Cisco switches do this properly, from personal 
> experimentation and reading other sources that confirm the same. I can't 
> vouch one way or another for any other switch vendors.

I can't imagine Netgears doing it properly. To begin, they ship buggy
firmware by default, and you're supposed to install the latest on a
new switch so that you get something which performs to specs.
Cheap switches typically don't perform well under high (extremely high,
as in supercomputer signalling fabric) load (but then, some expensive
ones don't, either, and switches with the same model number can behave
very differently).
 
> I have no doubt some (maybe many) switches behave exactly as Bill 
> described, and it's difficult for most people to perform the type of 
> testing required to validate a VLAN switch config and determine what 
> "bad things" can be done to said config. Be careful with VLANs, but 
> also don't be completely averse to using them. Whether or not to trust 
> them, and for what particular usage, will vary depending on your 
> environment and level of risk tolerance.

In theory, we're a software shop, and everything is business critical.
In practice, I have better security at home :)

-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
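The behaviour Chris describes above (one CAM table per VLAN, so an overflowed table only floods traffic inside that VLAN) and the detection angle a defender would want (a port that sources far more MAC addresses than it should) are easy to show with a small forwarding model. The following is an added example written for this page, not code from the thread or from any switch vendor; the switch, its table capacity, the port-to-VLAN layout and the MAC addresses are all constructed, and the FIFO eviction is a simplification of how real hardware fills and ages its table.

```python
"""Toy model of switch forwarding with bounded CAM tables.

Added example for this page (not from the original thread). The switch,
capacity, VLAN layout and MAC addresses are all constructed.
"""
from collections import OrderedDict
from dataclasses import dataclass


@dataclass
class Frame:
    vlan: int
    src_mac: str
    dst_mac: str
    in_port: int


class CamTable:
    """Bounded MAC -> port map. Oldest entry is evicted when full
    (simplification: real switches age entries out by timer)."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.entries = OrderedDict()

    def learn(self, mac, port):
        if mac in self.entries:
            self.entries.move_to_end(mac)
        self.entries[mac] = port
        if len(self.entries) > self.capacity:
            self.entries.popitem(last=False)   # evict the oldest entry

    def lookup(self, mac):
        return self.entries.get(mac)


class Switch:
    def __init__(self, ports_by_vlan, capacity, per_vlan=True):
        self.ports_by_vlan = ports_by_vlan     # vlan -> member ports
        self.capacity = capacity
        self.per_vlan = per_vlan               # one table per VLAN or one shared table
        self.tables = {}
        self.macs_seen_per_port = {}           # for the port-security style check

    def _table(self, vlan):
        key = vlan if self.per_vlan else "shared"
        return self.tables.setdefault(key, CamTable(self.capacity))

    def forward(self, frame):
        """Return the egress ports for a frame, learning its source first."""
        table = self._table(frame.vlan)
        table.learn(frame.src_mac, frame.in_port)
        self.macs_seen_per_port.setdefault(frame.in_port, set()).add(frame.src_mac)
        out = table.lookup(frame.dst_mac)
        if out is None:
            # Unknown destination: flood, but only to this VLAN's other ports.
            return [p for p in self.ports_by_vlan[frame.vlan] if p != frame.in_port]
        return [out]

    def ports_over_mac_limit(self, limit):
        """Ports that have sourced more than `limit` distinct MACs: the
        condition a port-security maximum or a monitoring rule would flag."""
        return sorted(p for p, macs in self.macs_seen_per_port.items()
                      if len(macs) > limit)


def demo(per_vlan):
    """Fill VLAN 10's table from port 2, then see what happens to VLAN 20."""
    sw = Switch({10: [1, 2, 6], 20: [3, 4, 5]}, capacity=8, per_vlan=per_vlan)
    # Normal hosts announce themselves on both VLANs.
    sw.forward(Frame(10, "aa:aa:aa:aa:aa:01", "ff:ff:ff:ff:ff:ff", 1))
    sw.forward(Frame(20, "bb:bb:bb:bb:bb:03", "ff:ff:ff:ff:ff:ff", 3))
    sw.forward(Frame(20, "bb:bb:bb:bb:bb:04", "ff:ff:ff:ff:ff:ff", 4))
    # Port 2 on VLAN 10 sources far more addresses than the table can hold.
    for i in range(20):
        sw.forward(Frame(10, f"de:ad:be:ef:00:{i:02x}", "ff:ff:ff:ff:ff:ff", 2))
    return {
        # VLAN 20 unicast between two known hosts: stays unicast with
        # per-VLAN tables, becomes a flood when the table is shared.
        "vlan20_to_known_host": sw.forward(
            Frame(20, "bb:bb:bb:bb:bb:03", "bb:bb:bb:bb:bb:04", 3)),
        # Inside the overflowed VLAN the switch behaves like a hub either way.
        "vlan10_to_known_host": sw.forward(
            Frame(10, "de:ad:be:ef:00:00", "aa:aa:aa:aa:aa:01", 2)),
        "flagged_ports": sw.ports_over_mac_limit(2),
    }


if __name__ == "__main__":
    for mode in (True, False):
        print("per-VLAN tables" if mode else "shared table", demo(mode))
```

With per-VLAN tables the VLAN 20 frame still goes only to port 4 while VLAN 10 floods; with one shared table the overflow spills over and VLAN 20 floods too. In both cases the per-port MAC count identifies port 2 as the source, which is the check to have in place (a port-security maximum, or a monitoring rule on learned addresses per port) regardless of how well the switch isolates its tables.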
