You can hijack the MAC address after the CAM table (not ARP cache) times
out for the switches. However, you can't just listen to their traffic
unless you're on a span port (and span ports don't always work correctly).
VLANing has a number of goals, of which you are listing only one. Another
is to permit any net to appear on any switch within the switch fabric.
VLANs are usually used in a form that spans multiple switches, not just
using VLANs on a single switch. At an installation I put together in
India, we used VLANs to allow us to better use IP addresses in a strange
physical layout. When we were building out our New Site Architecture at
Cisco in San Jose, we used VLANs to cut down the number of routing
components necessary and further to take advantage of Layer 3
short-cutting in a number of spots around the buildings.
On Wed, 21 Jul 1999 00:33:31 PDT, Sendmail channeled Matthew Dillon saying:
> The switch routes traffic based on its ARP cache. While you cannot
> easily monitor another port's traffic, you can take over its MAC address
> and steal its traffic.
>
> Cisco VLANs perform a different function. Remember that a logical ethernet
> segment is typically routed by a single network route. For example,
> a class C or a subnetted class C. The catalyst allows you to throw
> machines into different VLAN buckets which, in addition to the better
> security, allows you to assign separate subnets to each bucket. The
> switch itself doesn't care, but this can reduce global ARP traffic
> significantly. Catalysts can have hundreds of ports stuffed into them.
(ex-of Cisco Systems)
Kenton A. Hoover | [EMAIL PROTECTED]
Private Citizen
San Francisco, California
http://www.shockwave.org/~shibumi
"A non-vegetarian anti-abortionist is a contradiction in terms."
-- Phyllis Schlafly
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
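The CAM-table point made in the exchange above (a switch forwards on learned source MACs, and once the legitimate host's entry ages out, whoever next sources that MAC owns the entry) can be made concrete with a small model. The code below is an added example, not code from this thread or from either poster. It assumes a 300-second aging time (the usual Catalyst default) and uses constructed sample frames; the `Switch` and `MacMoveMonitor` classes are hypothetical names for this illustration. The monitor shows the defender's side of the same fact: because the switch itself forgets the old binding, a MAC that reappears on a different port after aging looks like an ordinary new learn to the switch, so detection needs a longer memory than the CAM table has (the same idea behind port-security sticky MACs or a DHCP-snooping binding database).

```python
"""Model of a switch CAM (MAC) table with aging, plus a MAC-move monitor.

Added example, not from the original thread. The 300 s aging time is the
common Cisco Catalyst default (an assumption for this model); all frames
below are constructed sample data.
"""
from dataclasses import dataclass

CAM_AGING_SECONDS = 300  # assumed default aging time for learned MAC entries


@dataclass
class Frame:
    ts: float      # seconds since start of the constructed capture
    port: int      # ingress port on the switch
    src_mac: str
    dst_mac: str


class Switch:
    """Learns source MACs per ingress port and forwards by destination MAC.

    Entries not refreshed within `aging` seconds are dropped. That window is
    the one the post refers to: after the legitimate host's entry ages out,
    the next frame sourcing that MAC simply re-learns it on the new port.
    """

    def __init__(self, aging=CAM_AGING_SECONDS):
        self.aging = aging
        self.cam = {}  # mac -> (port, last_seen)

    def expire(self, now):
        """Drop every entry older than the aging time."""
        for mac, (_, seen) in list(self.cam.items()):
            if now - seen > self.aging:
                del self.cam[mac]

    def handle(self, frame):
        """Learn the source, then return the egress port, or None for a flood."""
        self.expire(frame.ts)
        self.cam[frame.src_mac] = (frame.port, frame.ts)
        entry = self.cam.get(frame.dst_mac)
        return entry[0] if entry else None  # unknown destination: flood


class MacMoveMonitor:
    """Defender-side view with no aging: remembers the last port each MAC was
    seen on indefinitely, so a MAC reappearing on another port is reported
    even when the switch's own CAM entry had already expired."""

    def __init__(self):
        self.last_port = {}
        self.alerts = []  # (ts, mac, old_port, new_port, kind)

    def observe(self, frame, cam_had_entry):
        last = self.last_port.get(frame.src_mac)
        if last is not None and last != frame.port:
            # A move while the CAM entry is live shows up as a MAC flap on the
            # switch; a move after aging is invisible to the switch itself.
            kind = "visible move" if cam_had_entry else "silent takeover after aging"
            self.alerts.append((frame.ts, frame.src_mac, last, frame.port, kind))
        self.last_port[frame.src_mac] = frame.port


def run(frames, aging=CAM_AGING_SECONDS):
    """Feed frames through the switch and monitor; return (egress ports, alerts)."""
    sw, mon = Switch(aging), MacMoveMonitor()
    decisions = []
    for f in frames:
        sw.expire(f.ts)                      # age out first, as the switch would
        had_entry = f.src_mac in sw.cam      # was the source still known?
        decisions.append(sw.handle(f))
        mon.observe(f, had_entry)
    return decisions, mon.alerts


A, B, C = "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:02", "cc:cc:cc:00:00:03"

# Constructed sample traffic: A on port 1, B on port 2, C on port 3; a host on
# port 7 later sources A's MAC while A's entry is live, and C's MAC after C's
# entry has aged out (395 s of silence > 300 s).
SAMPLE_FRAMES = [
    Frame(0, 1, A, B),
    Frame(1, 2, B, A),
    Frame(5, 3, C, B),
    Frame(100, 7, A, B),   # live entry for A moves from port 1 to port 7
    Frame(101, 2, B, A),   # B's reply to A is now switched to port 7
    Frame(400, 7, C, B),   # C's entry expired; switch just re-learns it
]

if __name__ == "__main__":
    ports, alerts = run(SAMPLE_FRAMES)
    print("egress decisions:", ports)
    for alert in alerts:
        print("alert:", alert)
```

Running the model shows B's frame at t=101 being switched to port 7, and two monitor alerts: the first move is also visible on the switch as a MAC flap between ports 1 and 7, while the second is reported only by the monitor, since the CAM table had already forgotten C.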