bugtraqat_private wrote:
>
> To Bugtraq,
>
> We have recently conducted some testing into the security of the
> implementation of VLANs on a pair of Cisco Catalyst 2900 series
> switches and we feel that the results of this testing might be of some
> value to the readers. Testing basically involved injecting 802.1q
> frames with forged VLAN identifiers into the switch in an attempt to
> get the frame to jump VLANs. A brief background is included below for
> those that might not be too familiar with VLANs. Others should skip
> to the end for the results.
>

Interesting proposal, but I think it is more or less Cisco specific.

Here I have a BayStack 350T-24 running software revision 1.0.0.2. According to the documentation the switch has the following feature that can be configured on a per-port basis:

Filter Tagged Frames: Allows you to set this port to filter (discard) all received tagged packets.

I think all Ethernet switches should filter all tagged frames when a port is not a trunk port. This way a machine that is connected to a non-trunked port should not be able to send frames with 802.1q tags in them. In your example, the switch should have filtered the tagged frames.

--
Best Regards,
Stefan Stefanov
Orbitel Ltd.
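The behaviour discussed in this thread, as an added example that is not code from the original post or from either switch vendor: a small Python builder and parser for 802.1Q-tagged Ethernet frames, plus a toy ingress policy that puts an access port which honours a host-supplied tag beside one with tagged-frame filtering enabled, and a trunk port with an allowed-VLAN list. The `Port`/`ingress` model, the port names and the MAC addresses are assumptions for illustration; the sample frames are constructed inline. The parser walks stacked tags, which goes beyond the single tag the post discusses.

```python
import struct

TPID_8021Q = 0x8100  # 802.1Q Tag Protocol Identifier


def build_frame(dst, src, ethertype, payload, vids=()):
    """Build an Ethernet II frame with zero or more 802.1Q tags.

    vids are listed outermost first; PCP and DEI are left at zero.
    """
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    tags = b""
    for vid in vids:
        if not 0 <= vid <= 4095:
            raise ValueError("VID out of range: %d" % vid)
        tags += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return hdr + tags + struct.pack("!H", ethertype) + payload


def _u16(frame, off):
    try:
        return struct.unpack_from("!H", frame, off)[0]
    except struct.error:
        raise ValueError("truncated frame at offset %d" % off) from None


def parse_frame(frame):
    """Return dst, src, the list of (pcp, dei, vid) tags and the inner ethertype.

    Stacked tags (0x8100 followed by another 0x8100) are all collected.
    """
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    off, tags = 12, []
    while True:
        etype = _u16(frame, off)
        off += 2
        if etype != TPID_8021Q:
            break
        tci = _u16(frame, off)
        off += 2
        tags.append(((tci >> 13) & 0x7, (tci >> 12) & 0x1, tci & 0x0FFF))
    return {"dst": dst, "src": src, "tags": tags, "ethertype": etype, "payload": frame[off:]}


def is_well_formed(frame):
    try:
        parse_frame(frame)
        return True
    except ValueError:
        return False


class Port:
    """Hypothetical switch port: mode is 'access' or 'trunk'."""

    def __init__(self, name, mode, pvid=1, allowed_vids=(), filter_tagged=False):
        self.name = name
        self.mode = mode
        self.pvid = pvid                     # VLAN for untagged frames
        self.allowed_vids = set(allowed_vids)  # trunk only
        self.filter_tagged = filter_tagged   # the BayStack-style per-port option


def ingress(port, frame):
    """Classify a received frame: ('forward', vid) or ('drop', reason)."""
    tags = parse_frame(frame)["tags"]
    if not tags:
        return ("forward", port.pvid)  # untagged: goes into the port's native VLAN
    vid = tags[0][2]
    if port.mode == "access":
        if port.filter_tagged:
            return ("drop", "tagged frame on access port")
        # Weak setting (assumed): the tag is honoured, so the attached host
        # picks its own VLAN instead of the one the administrator assigned.
        return ("forward", vid)
    if vid not in port.allowed_vids:
        return ("drop", "VLAN %d not allowed on trunk" % vid)
    return ("forward", vid)


def demo():
    """Constructed frame: a host on VLAN 10 sends a frame tagged for VLAN 20."""
    attack = build_frame("ff:ff:ff:ff:ff:ff", "00:00:5e:00:53:01",
                         0x0800, b"\x45" + b"\x00" * 19, vids=(20,))
    weak = Port("port1", "access", pvid=10)
    hardened = Port("port1", "access", pvid=10, filter_tagged=True)
    trunk = Port("port24", "trunk", allowed_vids={10, 20})
    return {
        "weak": ingress(weak, attack),          # ('forward', 20): VLAN hop succeeds
        "hardened": ingress(hardened, attack),  # ('drop', ...): tag discarded
        "trunk": ingress(trunk, attack),        # ('forward', 20): legitimate on a trunk
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print("%-9s %s" % (name, result))
```

The model only captures the point of the thread: an access port that honours a tag on ingress lets the attached host choose its VLAN, and a per-port "discard tagged frames" setting closes that path without touching the trunk.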
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:02:55 PDT