network segmentation without using vlans

Kristian Erik Hermansen kristian.hermansen-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Feb 19 20:54:40 UTC 2008


On Feb 19, 2008 8:52 AM, Teddy Mills <teddymills-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> I was wondering if it was possible to have network segmentation without using vlans.
> If I have 20 boxes on a switch, I do not want any of the boxes to know about each other.

There is some way to use special cables to connect the PCs to the
switch so that each computer can only receive signals, rather than
send.  There is a military term for this setup, but I don't recall the
name.  If you are looking to secure a few boxes, and the others are
hostile, merely place a Layer2 firewall blocking all MAC addresses
except those on a whitelist that you specify.  Easy enough, right?
VLAN is a way to go, but you can still hop VLANs in some cases,
especially when you double encapsulate your 802.1x payloads :-)
-- 
Kristian Erik Hermansen
--
"It has been just so in all my inventions. The first step is an
intuition--and comes with a burst, then difficulties arise. This thing
gives out and then that--'Bugs'--as such little faults and
difficulties are called--show themselves and months of anxious
watching, study and labor are requisite before commercial success--or
failure--is certainly reached" -- Thomas Edison in a letter to
Theodore Puskas on November 18, 1878
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
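
The Layer 2 MAC whitelist suggested in the reply above, as an added example that is not part of the original post. It assumes a Linux bridge running nftables sits between the hosts; the table name, set name and sample MAC addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: build an nftables bridge-family ruleset that forwards a frame
# only when its source MAC is on a whitelist (default policy: drop).
# Table/set names and the sample MACs are constructed, not from the post.

# valid_mac MAC -> returns 0 if MAC is a well-formed unicast address
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 1
    # Low bit of the first octet set = group (multicast/broadcast) address,
    # which is never a legitimate source MAC, so refuse to whitelist it.
    case "$1" in
        ?[13579bBdDfF]:*) return 1 ;;
    esac
    return 0
}

# gen_ruleset MAC... -> prints the ruleset on stdout; returns 1 on bad input
gen_ruleset() {
    [ "$#" -gt 0 ] || { echo "empty whitelist would drop every frame" >&2; return 1; }
    elements=""
    for mac in "$@"; do
        valid_mac "$mac" || { echo "rejecting whitelist entry: $mac" >&2; return 1; }
        mac=$(printf '%s' "$mac" | tr 'A-F' 'a-f')   # normalise case
        elements="${elements:+$elements, }$mac"
    done
    cat <<EOF
table bridge l2_whitelist {
    set allowed_src {
        type ether_addr
        elements = { $elements }
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ether saddr @allowed_src accept
    }
}
EOF
}

# Constructed sample hosts. Review the output, save it, then load with: nft -f <file>
gen_ruleset 52:54:00:aa:bb:01 52:54:00:AA:BB:02
```

Source MACs are chosen by the sender, so this filter only constrains hosts that do not clone a whitelisted address.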