I know this. It would be useful for an organisation that does not use a router on their Internal LAN.
Here is a simplified example. 3com 3300 switch. It has a security feature where once enabled, the switch learns the first MAC address of the machine that passes data through it. Should another MAC address appear on the port then the port shuts down.

Everyone here seems to be stuck into using complex thought. I'm stripping it down to basics.

True that it would be limited. You could only compare the source MAC address from a machine on the same LAN segment. For instance, it would not be possible to check against a MAC address of a machine on the PSN accessing the protected network as the computer on the protected network would be receiving the firewall's Prot NIC MAC address and not the computer's MAC address on the PSN. (Remember, assuming there are no routers on the LAN segment being discussed.)

At 09/11/2001 04:06 am, "Chris Green" <[EMAIL PROTECTED]> wrote:
>And you missed one too. :) If the pc is behind a router on the internal
>network, an ARP request will only return the MAC address of the router.
>Layer 2 information doesn't cross a router.
>
>Chris Green
