In this case, I need to obtain the MAC address of the router/gateway on the
other end of the cable connecting to the switch? And allow only that MAC
address to go into the firewall?
Would IBM, may be Cisco now, have a comparable switch? What would be its
model?
Thanks,
Ivan.
----- Original Message -----
From: John Painter <[EMAIL PROTECTED]>
To: Ivan Fox <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, October 22, 1999 5:28 PM
Subject: Re: VLAN - a semi-firewall related question
> HP ProCurve switches (and others) let you protect the console of the
> switch, even down to restricting the IP that can manage the switch. You
can
> then set the security to restrict what mac addresses can send to which
port
> on the switch. only allow the nic to connect to each vendors port. No
> sniffing unless they break security of the switch or your box they connect
> with.
>
> At 05:26 PM 10/21/99 -0400, Ivan Fox wrote:
> >It is a semi-Firewall related question.
> >
> >A firewall for the Extranet allows, say 10 vendors, contractors, to
connect
> >to it. There are two options that we can think of:
> >
> >Option 1:
> >Have 10 NICs in the firewall. This option is clumsy, but it is secure in
> >the sense that competitive suppliers cannot sniff each other's data.
> >
> >Option 2:
> >A smarter approach, one says. Have an intelligent switch connecting to a
> >NIC in the firewall. Each port of the switch is isolated, a VLAN
approach.
> >Competitive suppliers cannot "peer" into each other's data.
> >
> >Being a non-router/switch guy. How can I configure and secure the
switch?
> >I have also heard a router guru mentioned that, in order to provide
> >security, we should not use intelligent switch as someone connect to the
> >console of a switch, he/she can sniff the packets.
> >
> >Any pointers are appreciated.
> >
> >Thanks,
> >
> >C.K.
> >
> >
> --
> John Painter,
> ConfluX.net / Grand Designs, Ltd.
> Information Technology for a new millenium.
> (425) 710 - 9006
> http://www.conflux.net/ & http://www.gdltd.com/
>
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
