RE: MAC address filtering su Cisco switch

> Ammettiamo di avere i server A, B, C; tutti e tre devono parlare con
> la macchina X senza che A veda [B|C], B veda [A|C] e C veda [A|B]. 

parli di PVLAN/Community/Isolated ports ?

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_7_1/conf_gd/vlans
.htm#1093407

Private VLANs provide Layer-2 isolation between ports within the same private
VLAN...

The three types of private VLAN ports are as follows: 

Promiscuous: This port communicates with all other private VLAN ports and is the
port you use to communicate with routers, LocalDirector, backup servers, and
administrative workstations. 

Isolated: This port has complete Layer 2 separation from other ports within the
same private VLAN with the exception of the promiscuous port. 

Community: These ports communicate among themselves and with their promiscuous
ports. These ports are isolated at Layer 2 from all other ports in other
communities or isolated ports within their private VLAN. 
Privacy is granted at Layer 2 by blocking outgoing traffic to all isolated
ports. All isolated ports are assigned to an isolated VLAN where this hardware
function occurs. Traffic received from an isolated port is forwarded to all
promiscuous ports only. 


~mm


________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List