Layer 2 Precautions Needed
Preferably MAC-layer filter all traffic at interconnect
- can’t usually do this on IP address: too many valid source/destination pairs
- can’t easily do this on MAC address: too many changes to track
- block all broadcast traffic except ARP
Ideally filter all ARP traffic on IP address
- useful general-purpose shared media protection tool
- but not supported by any switch vendor yet
Contain traffic using 802.1q VLANs
- not perfect, but provides most of protection needed
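
The broadcast and ARP rules above, sketched as a software frame classifier. This is an added example, not code from the original slides. It assumes "filter ARP on IP address" means forwarding an ARP frame only when both its sender and target IPv4 addresses are assigned on the shared LAN; the function names, addresses and MACs are constructed for illustration.

```python
import ipaddress
import struct

BROADCAST = b"\xff" * 6
ETHERTYPE_ARP = 0x0806
ETHERTYPE_IPV4 = 0x0800

def classify(frame, allowed_ips):
    """Return 'forward' or 'drop' for one untagged Ethernet II frame."""
    if len(frame) < 14:
        return "drop"                      # too short for an Ethernet header
    dst = frame[0:6]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        # Slide rule: block all broadcast traffic except ARP.
        return "drop" if dst == BROADCAST else "forward"
    arp = frame[14:42]
    if len(arp) < 28:
        return "drop"                      # truncated ARP payload
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", arp[:8])
    if (htype, ptype, hlen, plen) != (1, ETHERTYPE_IPV4, 6, 4):
        return "drop"                      # not Ethernet/IPv4 ARP
    sender_ip = ipaddress.IPv4Address(arp[14:18])
    target_ip = ipaddress.IPv4Address(arp[24:28])
    # Assumed policy: both addresses must be assigned on the shared LAN.
    if sender_ip in allowed_ips and target_ip in allowed_ips:
        return "forward"
    return "drop"

def build_arp_request(src_mac, sender_ip, target_ip):
    """Construct a broadcast ARP request (sample input helper)."""
    header = BROADCAST + src_mac + struct.pack("!H", ETHERTYPE_ARP)
    body = struct.pack("!HHBBH", 1, ETHERTYPE_IPV4, 6, 4, 1)
    body += src_mac + ipaddress.IPv4Address(sender_ip).packed
    body += b"\x00" * 6 + ipaddress.IPv4Address(target_ip).packed
    return header + body

# Constructed sample data: documentation addresses, locally administered MACs.
ALLOWED = {ipaddress.IPv4Address(a) for a in ("192.0.2.10", "192.0.2.20")}
MAC_A = bytes.fromhex("020000000001")
MAC_B = bytes.fromhex("020000000002")
SAMPLES = {
    "valid ARP": build_arp_request(MAC_A, "192.0.2.10", "192.0.2.20"),
    "ARP, unknown sender IP": build_arp_request(MAC_A, "198.51.100.5", "192.0.2.20"),
    "broadcast IPv4": BROADCAST + MAC_A + struct.pack("!H", ETHERTYPE_IPV4) + b"\x00" * 46,
    "unicast IPv4": MAC_B + MAC_A + struct.pack("!H", ETHERTYPE_IPV4) + b"\x00" * 46,
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:24} -> {classify(frame, ALLOWED)}")
```

Under this assumed policy an ARP probe with sender address 0.0.0.0 is also dropped, since that address is never in the allow-list.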