You are right. To be protected against IP spoofing you would need a VACL configured as well.
>Private VLANs won't help you with ip-spoofing in the same subnet and >hsrp-attacks and not against arp attacks (but these can be prevented >using static arp-entries on the l3-device). > >Matthias _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/