At Cisco Networkers I went to the layer 2 security breakout session and they
talked about this. 1st, they said the article is outdated. When the article
was written Cisco already had a fix for this. 2nd, they said with the current
switch IOS and additional features they could not hop any VLANs. They tried
everything and were not successful. The whole purpose of the breakout was
to defuse the myths out there about how unsecure VLANs are. With all that
said, they did say they do not recommend using one switch with VLANs for web,
DMZ, and internal traffic.
> 
> From: "Priscilla Oppenheimer" 
> Date: 2002/08/01 Thu PM 03:40:39 EDT
> To: [EMAIL PROTECTED]
> Subject: RE: Cat2950 VLAN 1 ip address...can't connect [7:50331]
> 
> Turpin, Mark wrote:
> > 
> > I'm referring to trunks, sorry.
> 
> There were some vulnerabilities related to this, but actually the fix was
> to make sure the native VLAN wasn't trunked, if I understand it correctly....
> Although the vulnerabilities caused a big stir, they were hard to exploit.
> They required physical access to the switch, a Sniffer, and traffic
> generation capabilities. Also, Cisco may have made some changes to avoid
> the problem after it got reported. But here's the info from SANS:
> 
> http://www.sans.org/newlook/resources/IDFAQ/vlan.htm
> 
> Priscilla
> 
> 
> > 
> > -----Original Message-----
> > From: MADMAN [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, August 01, 2002 12:14 PM
> > To: Turpin, Mark
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: Cat2950 VLAN 1 ip address...can't connect [7:50331]
> > 
> > 
> > 
> >   Not sure what you mean.  You're not changing the default VLAN,
> > VLAN 1 will remain, can't delete it, (not talking about trunks).  I
> > know of no problems arising when using a VLAN other than 1 for inband
> > connectivity.
> > 
> >   Dave
> > 
> > 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=50457&t=50331