#cisco
03 January 2008
Total 4 pages. You are browsing page 3/4.
00:43 <****> you could deploy/manage IPSEC GP
00:43 <****> via GP*
00:43 <****> an authenticated machine
00:43 <****> dwxreaper: you can always hack *
00:44 <****> hermatize: you kidding?
00:44 <****> this isn't 1998
00:44 <****> it's about reducing the likelihood of it
00:44 <****> i've done NAC like 5 years ago
00:44 <****> unter: yeah, but people shouldn't be able to plug into switches themselves in a DC environment, where his webserver is
00:44 <****> i think he's ok with private vlans
00:45 <****> we can always dream up technical solutions to policy based issues
00:45 <****> eg, if user plugs switch in, fire him.
00:45 <****> it's much easier, and cheaper.
00:48 <****> alright, well thanks for the input :) definitely been educational, if the solutions are either very expensive or just a maintenance headache for an esoteric article like this then i'll leave it for now, btw nem have you found the link you mentioned?
00:48 <****> IPSEC secures data from people sniffing wireless traffic , when people are on their work vpn. It doesn't help so much when people are malicious and they are next to your web server, and switch, willing to do whatever
00:50 <****> because they can just as easily install an inline screencap?
00:52 <****> because they can steal your frickin server!
00:52 <****> not likely, it's a secure complex
00:52 <****> it's likely you will be owned if they want, one way or the other
00:52 <****> it would be pretty noticeable
00:52 <****> I've heard of it happening
00:52 <****> from secure areas
00:53 <****> you could walk out of DC's with anything, they don't know what the hell is up
00:53 <****> from insiders in the companies. disgruntled employee kind of thing
00:53 <****> the security guards think you are an IT guy doing work
00:53 <****> mmmmm social engineering
00:53 <****> the best kind of hacker
00:53 <****> hey ppls, what's the lowest model cisco switch that handles layer3 switching?
00:54 <****> I don't know if I would call that best.
00:54 <****> 3560
00:54 <****> most common, sure
00:54 <****> ?
00:54 <****> yea i was thinking 35xx
00:54 <****> 3550 as far as i know
00:54 <****> anything lower will be l2 only yea?
00:54 <****> although it's defunct
00:54 <****> 3550 is EoS
00:54 <****> 29xx's are L2
00:54 <****> 2948g-l3 is halfass l3
00:54 <****> i remember that con guy show on comedy central, he would get women to come clean naked at his house, because they thought he ran some modeling business
00:54 <****> 3550 is l3
00:54 <****> but EOL
00:55 <****> basically, im setting up a separate backup lan for a large number of machines, but as they're managed by separate ppl (each machine) i wanted to do something tricky with access lists to ensure each port could only see the backup NAS/SAN/server etc and not other machines on the network
00:55 <****> i think you really want a MLS switch, which the 2948G-l3 is not
00:55 <****> CpuID2: private vlan are probably better
00:55 <****> 2960 or 3560
00:55 <****> ah yea...that's not a bad idea
00:55 <****> ok well thanks again :)
00:55 <****> or protected ports if you don't need to span multiple switches
00:55 <****> which is 3550 and maybe 2950
00:56 <****> as in have the backup device operate on separate ip subnets on separate vlans, trunked or something?
00:56 <****> I'd stick with the newer stuff
00:56 <****> hmm protected ports, never looked into that
00:56 <****> private vlans is a much better implementation imho
00:56 <****> yep
00:56 <****> so separate vlan per box?
00:56 <****> handled on the switch...
00:57 <****> hmm protected ports looks interesting btw
00:57 <****> make the NAS server the community port and the end stations isolated ports
00:57 <****> aha...next page down was private vlans :)
00:57 <****> sorta, you have a private vlan, all the hosts are on the same subnet / master vlan
00:57 <****> yep
00:57 <****> they can talk to community vlans and community ports
00:58 <****> but they can't talk to each other
00:58 <****> same vlan, but community/isolated ports
00:58 <****> that's logical
00:58 <****> didnt know that was possible actually :)
00:58 <****> got it
00:58 <****> http://www.cisco.com/en/US/tech/tk389/tk814/tk840/tsd_technology_support_sub-protocol_home.html good explanation :)
00:58 <****> the main issue is $ seeing as i wanna do gigE to get the backups pushed as quickly as possible
00:58 <****> and cisco + gige = $ if you're not careful :P
00:59 <****> heh
00:59 <****> hell, even if you are careful
00:59 <****> hehe!
00:59 <****> hahaha true :)
00:59 <****> 3560's are well worth the price imo
00:59 <****> Yeah, I run a bunch of 3560's and they are solid
00:59 <****> :)
01:00 <****> I think they are my favorite switch, i'm falling love :(
01:00 <****> hmm can isolated private vlans cross multiple switches? or single switch only?
01:00 <****> my favorite switch is 6509 + sup720 :)
01:00 <****> lol
01:00 <****> like a good hooker a 3560 is more bang for your buck
01:01 <****> oh hang on...just reading here, catalyst 4003/4006 required for private vlans?
01:01 <****> they can be trunked, CpuID2
01:01 <****> that's just the example hw
01:01 <****> ah
01:01 <****> np
01:01 <****> I wish I could afford 3750's
01:01 <****> Don't need em though
01:01 <****> i do fine with etherchannel stacks
01:01 <****> i got my 3750 up on blocks, cant afford the GBICs
01:01 <****> what would be the lowest model gige capable switch worth touching for pvlans? 36xx still yea?
01:02 <****> lol Unter_
01:02 <****> 3650 can
01:02 <****> sounds like a chop shop :P
01:02 <****> 3560 rather.
01:02 <****> they make a 12 port 3560 I think
01:02 <****> or was that the 3750
01:02 <****> 3560-12TS i think
