[nsp] ARP filtering

Gert Doering gert at greenie.muc.de
Mon Jul 12 11:55:54 EDT 2004


Hi,

On Mon, Jul 12, 2004 at 04:50:43PM +0100, Sam Stickland wrote:
> > I don't think there is a way of filtering legitimate ARP replies. But why
> > are you allowing "rogue" machines on the LAN if you don't want them to
> > communicate?
> 
> It's for situations where you have a number of co-located machines in a 
> single VLAN and you wish to stop customers using IP addresses that aren't 
> assigned to them.

Set up a dedicated VLAN per customer plus unicast RPF (or an ACL that does
the same thing).

Everything else is spoofable.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
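
The following is an added example, not part of the original message: a small Python model of a strict unicast RPF check, showing why it only stops address borrowing once each customer sits on its own VLAN interface. The interface names, prefixes and addresses are constructed (RFC 5737 documentation range), and the lookup is a simplified longest-prefix match, not router code.

```python
import ipaddress

def build_fib(connected):
    """Turn {interface: connected prefix} into a list of (network, interface)."""
    return [(ipaddress.ip_network(p), ifname) for ifname, p in connected.items()]

def urpf_strict(fib, src, ingress):
    """Strict uRPF: accept a packet only if the best route back to its
    source address points out of the interface it arrived on."""
    addr = ipaddress.ip_address(src)
    matches = [(net, ifname) for net, ifname in fib if addr in net]
    if not matches:
        return False  # no route back to the source at all
    best_net, best_if = max(matches, key=lambda m: m[0].prefixlen)
    return best_if == ingress

# Constructed layout 1: all co-located customers share one VLAN and subnet.
SHARED = build_fib({"Vlan100": "192.0.2.0/24"})

# Constructed layout 2: one VLAN interface and one small subnet per customer.
PER_CUSTOMER = build_fib({
    "Vlan101": "192.0.2.0/29",   # customer A, assigned 192.0.2.2
    "Vlan102": "192.0.2.8/29",   # customer B, assigned 192.0.2.10
})

def check_layouts():
    """Customer A sends a packet sourced from customer B's address."""
    return {
        # Same interface serves both customers, so the check cannot tell them apart.
        "shared_vlan_accepts_borrowed_ip": urpf_strict(SHARED, "192.0.2.10", "Vlan100"),
        # Route to B's address points at Vlan102, packet arrived on Vlan101: dropped.
        "per_customer_accepts_borrowed_ip": urpf_strict(PER_CUSTOMER, "192.0.2.10", "Vlan101"),
        # A's own assigned address on A's own VLAN still passes.
        "per_customer_accepts_own_ip": urpf_strict(PER_CUSTOMER, "192.0.2.2", "Vlan101"),
    }

if __name__ == "__main__":
    for name, accepted in check_layouts().items():
        print(f"{name}: {accepted}")
```
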


More information about the cisco-nsp mailing list