On Mon, 22 Nov 1999, Jasper Jans wrote:
> Hi..
>
> (this might be slightly off topic.. my apologies
> here for)
>
> We are using Cisco 2940 switches and I was looking if
> it was able to deny all traffic between certain ports
> on the switch.
>
> E.g. port 1-20 are all on 1 subnet, deny all traffic
> between the ports, but allow all ports to access the
> server on the same subnet that is connected to port
> 21 of the switch.
Using switch VLANs to separate security zones is problematic, as
switches are generally built to be fast and can leak packets under all kinds
of circumstances (even across VLANs; an 802.1q exploit was published recently).
This is not to say it's not good enough for your application -
just take it into account, make sure you know the risks,
and that you're OK with them policy-wise
(if you don't have a security policy, write one *before* implementing it in
hardware).
>
> The reason we want to do this is to prevent end users
> from being able to access other pcs/macs on the same
> subnet.
>
> If anyone can tell me how - and if this is possible
> at all - I'd be really grateful.
>
> Jasper
>
> ***************************************************************
> * Jasper Jans Vrije Universiteit *
> * Email: [EMAIL PROTECTED] ComputerGroep Biologie (M120) *
> * Tel: (+31)-(0)20-4447040 De Boelelaan 1087 *
> * Fax: (+31)-(0)20-4447123 1081HV Amsterdam *
> * Cell: (+31)-(0)6-51811252 Netherlands *
> ***************************************************************
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>