network segmentation without using vlans
James Knott
james.knott-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org
Tue Feb 19 21:25:47 UTC 2008
Kristian Erik Hermansen wrote:
> On Feb 19, 2008 8:52 AM, Teddy Mills <teddymills-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
>> I was wondering if it was possible to have network segmentation without using vlans.
>> If I have 20 boxes on a switch, I do not want any of the boxes to know about each other.
>
> There is some way to use special cables to connect the PCs to the
> switch so that each computer can only receive signals, rather than
> send. There is a military term for this setup, but I don't recall the
> name. If you can looking to secure a few boxes, and the others are
> hostile, merely place a Layer2 firewall blocking all MAC addresses
> except those on a whitelist that you specify. Easy enough, right?
> VLAN is a way to go, but you can still hope VLANs in some cases,
> especially when you double encapsulate your 802.1x payloads :-)
Given the hand shaking that goes on between the switch and a device
plugged into it, I doubt it as the device couldn't connect to the switch.
--
Use OpenOffice.org <http://www.openoffice.org>
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list