Security Basics mailing list archives

re: jeckyl hyde network


From: "Lee Burleson" <lburleso () hotmail com>
Date: Wed, 16 Apr 2003 08:49:27 -0500

You said you have a Cisco 2900 switch ... as part of the solution, you may be able to use private VLANs to divide the trusted and untrusted ports. The local router would be on a "promiscuous" port.

In this configuration, the nodes in each community can only communicate amongst themselves but the router could communicate with all ports.

Here's a great link to explain the concept:
http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_guide_chapter09186a00800e47e2.html

Not sure if the 2900 even supports it; it may need a software upgrade to do so. If it doesn't support it, you could still learn something in the process. :)

- Lee
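
Added example, not part of the original post: a small model of the private VLAN forwarding rules described above, extended with isolated ports, which the post does not mention. Port names, group names and the `router_filters` flag are assumptions; the model also shows that the separation holds only at layer 2 unless the router on the promiscuous port filters traffic between the groups.

```python
from itertools import combinations

# Constructed port plan; port names and group names are hypothetical.
PORTS = {
    "Fa0/1": "promiscuous",               # local router
    "Fa0/2": ("community", "trusted"),
    "Fa0/3": ("community", "trusted"),
    "Fa0/4": ("community", "untrusted"),
    "Fa0/5": ("community", "untrusted"),
    "Fa0/6": "isolated",
}

def l2_allowed(a, b, ports=PORTS):
    """True if the switch forwards frames directly between ports a and b."""
    ra, rb = ports[a], ports[b]
    if "promiscuous" in (ra, rb):
        return True                       # promiscuous ports reach every port
    if "isolated" in (ra, rb):
        return False                      # isolated ports reach promiscuous only
    return ra == rb                       # community ports: same community only

def via_router(a, b, ports=PORTS, router_filters=False):
    """True if the promiscuous-port router can relay traffic from a to b."""
    routers = [p for p, role in ports.items() if role == "promiscuous"]
    return not router_filters and any(
        l2_allowed(a, r, ports) and l2_allowed(r, b, ports) for r in routers)

def cross_group_paths(ports=PORTS, router_filters=False):
    """List host pairs in different groups that can still exchange traffic."""
    hosts = [p for p, role in ports.items() if role != "promiscuous"]
    found = []
    for a, b in combinations(hosts, 2):
        if ports[a] == ports[b] and ports[a] != "isolated":
            continue                      # same community: meant to talk
        if l2_allowed(a, b, ports):
            found.append((a, b, "layer 2"))
        elif via_router(a, b, ports, router_filters):
            found.append((a, b, "relayed by router"))
    return found

if __name__ == "__main__":
    for flag in (False, True):
        print("router filters:", flag, cross_group_paths(router_filters=flag))
```

An empty list from `cross_group_paths(router_filters=True)` is the target state: the switch blocks direct frames between groups and the router refuses to relay them.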





