[c-nsp] against arp spoofing
Gert Doering
gert at greenie.muc.de
Sun May 29 04:21:21 EDT 2005
Hi,
On Sat, May 28, 2005 at 11:29:14PM +0200, Mikael Abrahamsson wrote:
> On Sat, 28 May 2005, Gert Doering wrote:
>
> >LAN segment, and be done with it. Until then, yes, one VLAN per customer
> >will burn some more legacy IP space - but IPv4 will run out anyway.
>
> One vlan != one IP subnet.
Of course you can have more than one subnet per VLAN :-)
To have one IP subnet span multiple VLAN sort of ruins the intended
effect (layer 3 separation, and automatic anti-spoofing).
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp
mailing list