How do you keep users from stealing other user's ip??
Eygene Ryabinkin
rea-fbsd at rea.mbslab.kiae.ru
Fri Mar 24 11:18:20 UTC 2006
> But you wont get any traffic if the FDB on the switch is locked down.
>
> Example:
> MAC Address Port Type
> ---------------------- ------ ----------------
> 00-04-75-71-AE-22 11 Dynamic
>
>
> If you lock down so that only MAC 00-04-75-71-AE-22 could be associated with
> port 11 and any other MAC showing up on that port is ignored - the computer on
> that port could change his MAC and the switch simply wont transfer any packets
> destined for the spoofed MAC to that port.
Uhm, sorry, missed the point that if we trust cable from PC to port then
port security helps. Thanks for clarifying this!
--
Eygene
More information about the freebsd-net
mailing list