[c-nsp] Large networks
Gert Doering
gert at greenie.muc.de
Wed Aug 26 10:13:06 EDT 2009
Hi,
On Wed, Aug 26, 2009 at 04:11:28PM +0200, Mikael Abrahamsson wrote:
> >On Wed, Aug 26, 2009 at 03:52:55PM +0200, Mikael Abrahamsson wrote:
> >>On Wed, 26 Aug 2009, Gert Doering wrote:
> >>
> >>>So how do you prevent customer A from sending out packets with an IP
> >>>address belonging to customer B? (For whatever reason).
> >>
> >>Antispoofing ACL on vlan interface?
> >
> >Won't help if you have customer A and customer B in the same VLAN.
>
> They are not in the same vlan, they're in the same IP subnet but in
> different vlans.
Ah, pvlans and community vlan stuff. OK, that would work, but still - lots
of effort that is just "automatic" otherwise.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20090826/1cca69d4/attachment.bin>
More information about the cisco-nsp
mailing list