Ya, your right, I meant the CAM table. flooding the CAM table with MAC addresses caused all the traffic to broadcast to all ports. My bad, but it is/was a fundamental flaw in the way switches work, I know Cisco had a fix out for it but it did not work with dot1x and DVlans. The moral of the story is that vlans are not the end security stop-gap, they are just one layer to keep the casual hacker at bay, just as the hidden SSID does. Thanks for the correction Brian. > It sounds like you have pretty broken switches then. VLANs are always > separate, floods or no floods. > > Also, true switches don't care about ARP at all (as opposed to "layer 3 > switches"). > > Regards, > > Brian. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html
Brett Littrell Network Manager MUSD CISSP, CCSP, CCVP, MCNE
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html