
Static IPs in Cisco L2 switch

chrislgicale
Level 1

Hi Guys!

On a 24-port Cisco 2960X L2 switch I configure my client statically (for some reason) with these IP ranges:

Work Group A - 192.168.10.XXX /24

Work Group B - 192.168.20.XXX /24

Work Group C - 192.168.30.XXX /24

Is there a way that Work Group A can affect traffic on B and C? Same as with Work Group B to A and C? And Work Group C to A and B? Like if there is a virus as an example.

Logically, A will not be able to ping B and C, and the same with the others, so I'm assuming there is actually no connection at all between the subnets.

Any idea is appreciated. Thanks!

Chris

1 Reply

Philip D'Ath
VIP Alumni

If they are in separate VLANs with no routability then packets can't go from one VLAN to another VLAN.

Otherwise, if the virus obeys the laws of unicast routing and only uses unicast then they shouldn't be able to talk to each other. But being a virus it doesn't have to obey any rules. It could try using multicast or broadcast to talk to other machines. It could try malforming layer 2 or layer 3 frames to see what happens. It might even change the machine's L3 configuration. Perhaps it might try using a different protocol like IPX, or a service location protocol like mDNS and Bonjour. Perhaps it might use a Teredo IPv6 gateway, and an IPv6 link-local network.

When you have something deliberately written with the intent of creating damage you can't rely on it following the rules. Only proper layer 2 separation from the switch can stop the packets being spread.
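
An added example, not part of the original thread or written by either poster: a Cisco IOS access-port configuration that gives each work group its own VLAN, which is the layer 2 separation the reply refers to. The VLAN IDs, VLAN names and the split of the 24 ports into three ranges are assumptions made for illustration.

```cisco
! Constructed example: VLAN IDs, names and port ranges are assumptions.
!
! Before: all 24 access ports sit in the default VLAN 1. The three /24
! subnets share one broadcast domain, so broadcast, multicast and non-IP
! frames from any host are delivered to every work group.
!
! After: one VLAN per work group, one broadcast domain each.
vlan 10
 name WORKGROUP-A
vlan 20
 name WORKGROUP-B
vlan 30
 name WORKGROUP-C
!
interface range GigabitEthernet1/0/1 - 8
 description Work Group A 192.168.10.0/24
 switchport mode access
 switchport access vlan 10
!
interface range GigabitEthernet1/0/9 - 16
 description Work Group B 192.168.20.0/24
 switchport mode access
 switchport access vlan 20
!
interface range GigabitEthernet1/0/17 - 24
 description Work Group C 192.168.30.0/24
 switchport mode access
 switchport access vlan 30
!
! No "interface Vlan10", "interface Vlan20" or "interface Vlan30" with an
! IP address is configured, so the switch has no Layer 3 path between the
! groups and frames stay inside their own VLAN.
!
! Check the resulting port membership with:
!   show vlan brief
```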