Re: My "wire" / not yours
From: S. Pidgorny
Date: 03/23/05
- Next message: Casper Hornstrup: "Re: Bad performance"
- Previous message: Ryan Hanisco: "Re: Can't log into a Windows 2003 domain"
- In reply to: Sylvie: "Re: My "wire" / not yours"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 23 Mar 2005 20:34:26 +1100
There can be many devices using same MAC address. That allows to bypass DHCP
security, and in some cases 802.1x and proprietary switch port security
solutions:
http://sl.mvps.org/docs/802dot1x.htm
-- Svyatoslav Pidgorny, MS MVP - Security, MCSE -= F1 is the key =- "Sylvie" <sylviep@videotron.net> wrote in message news:uL0jvo1LFHA.1180@TK2MSFTNGP14.phx.gbl... > In the end it comes down to this : some switches (probably all by now) allow > you to set the port to accept only one MAC address. You do not have to set > the MAC address that you want to enable. The switch will accept the first > one and refuse all others. We use this configuration to prevent users from > connecting hubs and switches or unauthorized computer. The problem with this > is that you will have to clear the port config when you want another > computer to connect to the port. > > Sorry I do not know the protocol or the RFC but I know that Cisco 2900 > series switches can do it. >
- Next message: Casper Hornstrup: "Re: Bad performance"
- Previous message: Ryan Hanisco: "Re: Can't log into a Windows 2003 domain"
- In reply to: Sylvie: "Re: My "wire" / not yours"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
