* Brian <[EMAIL PROTECTED]> [2008-10-10 05:58]:
> The problems are that the multicast CARP packets are getting forwarded over 
> the bridge

with carp and worse so with vrrp/hsrp/younameit and (r)stp, you really
really want to make sure only trusted parties see the announcements.
carp now allows a carppeer to be specified which at least means no
multicast; it should be good enough in most situations.

i have a small writeup about the problems and solutions at
http://bulabula.org/carp-and-stp-meet-switch-security.html

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
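
An added configuration example for the carppeer setting mentioned above; it is not from the original message or from the OpenBSD project. It shows the default multicast setup next to the unicast one, plus pf rules that accept CARP only from the named peer. The interface name, addresses, vhid and password are constructed placeholders.

```conf
# /etc/hostname.carp0 on the first firewall (constructed values:
# 192.0.2.0/24 is a documentation range, em0 and vhid 1 are assumptions)

# Default form: advertisements go to the CARP multicast group, so every
# port in the layer-2 domain (including across a bridge) can see them.
# inet 192.0.2.1 255.255.255.0 192.0.2.255 vhid 1 carpdev em0 pass CHANGE_ME

# With carppeer: advertisements are sent by unicast to the other
# firewall's real address on em0 (192.0.2.3 here) instead of multicast.
inet 192.0.2.1 255.255.255.0 192.0.2.255 vhid 1 carpdev em0 pass CHANGE_ME carppeer 192.0.2.3

# On the second firewall the same line is used with the peer reversed
# (carppeer 192.0.2.2, assuming 192.0.2.2 is the first firewall's address).

# /etc/pf.conf fragment on the first firewall: only the configured peer
# may exchange CARP with this host (pf evaluates rules last-match-wins).
carp_if   = "em0"
carp_peer = "192.0.2.3"

block in  on $carp_if proto carp
pass  in  on $carp_if proto carp from $carp_peer keep state (no-sync)
pass  out on $carp_if proto carp to   $carp_peer keep state (no-sync)
```

After changing the file, `ifconfig carp0` shows the configured carppeer, and `tcpdump -ni em0 proto carp` on another host in the segment should no longer see the advertisements on a switched network.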
