On Monday 16 July 2007 17:30:38 Philipp Snizek wrote:
Yes. That would help it and also stop man in the middle at least between the switch and the Hosts n. Have you got experience of what performance impact 802.1x has on 1 GBit/s Ethernet?
As I said before, you can do with simply allowing no more than one MAC address to appear on a single switch port. You could also set the allowed MAC addresses manually. This eliminates the need for authentication (802.1x or not). So no overhead.
Networks cannot be secured by adding static MAC addresses to a switch (e.g. Cisco 29xx, port security feature). You start the legal client, write down its IP and MAC, start your illegal notebook where you are root, spoof the MAC and the IP, unplug the network cable from the client, plug it into the notebook. The switch will think you just unplugged and plugged the very same client. Please teach me otherwise should I be wrong.

Philipp