Layer 2 Precautions Needed

• Preferably MAC-layer filter all traffic at interconnect

  • can’t usually do this on IP address:too many valid source/destination pairs
  • can’t easily do this on MAC address:too many changes to track
  • block all broadcast traffic except ARP

• Ideally filter all ARP traffic on IP address

  • useful general-purpose shared media protection tool
  • but not supported by any switch vendor ? yet

• Contain traffic using 802.1q VLANs

  • not perfect, but provides most of protection needed

Previous slide

Next slide

Back to first slide

View graphic version