Cigarette Pack Size Ethernet Bridges?

Does any vendor make ethernet bridges that are solid state and about the size of a cigarette pack? Ideally I would like to find a vendor that offers these as plug in modules into a single rack mounted frame, so I could get a lot of them in a tight space.

I want to use one of these in front of each segment on a 12 segment firewall, to filter any source IPs on the segment or filter by MAC address. The spoof detection on my firewall is harder to use than it should be and introduces reliability issues I don't want to deal with.

I know that Allied Telesyn, Canary, and others make small copper to fibre converters that are small and fit into rackmountable enclosures. I am hoping that maybe one of them had the foresight to add in some ethernet bridging capabilities to those.

Reply to
Will

Lots of people make tiny single board computers with a variety of interfaces and with a Linux port for the CPU and drivers for the IO devices. I know there are some with multiple ethernet jacks and they are frequently used as routers. Linux is Linux. You can make it a filtering bridge if you want.

SysAdmin magazine always has adverts for this stuff. Maybe you can find the vendors on the website.


Reply to
Al Dykes
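Taking Al's suggestion literally, here is an added example (not from the thread or from any vendor) of what the "filtering bridge" would look like on a Linux box with two NICs, using the nftables bridge family. The interface names (br0, eth1 on the firewall side, eth2 on the segment side), the segment prefix 192.0.2.0/24 and the two permitted hosts in the sample are all constructed for the example.

```shell
#!/bin/sh
# Added example: one Linux box per firewall segment as a transparent filtering bridge.
# Assumed names (not from the thread): bridge br0, firewall-side port eth1,
# segment-side port eth2, permitted hosts given as "IPv4,MAC" pairs.

# Create the bridge and enslave both ports. Needs root; not invoked by the test.
build_bridge() {
    br=$1; fw_if=$2; seg_if=$3
    ip link add name "$br" type bridge
    ip link set dev "$fw_if" master "$br"
    ip link set dev "$seg_if" master "$br"
    ip link set dev "$fw_if" up
    ip link set dev "$seg_if" up
    ip link set dev "$br" up
    # No IP address on br0: the bridge has no network presence on the segment.
}

# Emit an nftables ruleset for the bridge family. Frames arriving from the
# firewall side are forwarded untouched; frames from the segment side pass only
# when their (IPv4 source, source MAC) pair is on the permitted list. ARP is
# held to the same list, otherwise a rogue host whose IP frames are dropped
# could still poison the firewall's ARP cache. With policy drop, anything else
# from the segment (IPv6, other ethertypes) is dropped as well.
gen_bridge_ruleset() {
    seg_if=$1; fw_if=$2
    shift 2
    echo "table bridge segfilter {"
    echo "    set allowed {"
    echo "        type ipv4_addr . ether_addr"
    printf "        elements = {"
    sep=" "
    for pair in "$@"; do
        ip_addr=${pair%,*}
        mac=${pair#*,}
        printf "%s%s . %s" "$sep" "$ip_addr" "$mac"
        sep=", "
    done
    echo " }"
    echo "    }"
    echo "    chain forward {"
    echo "        type filter hook forward priority 0; policy drop;"
    echo "        iif \"$fw_if\" accept"
    echo "        iif \"$seg_if\" ether type arp arp saddr ip . arp saddr ether @allowed accept"
    echo "        iif \"$seg_if\" ether type ip ip saddr . ether saddr @allowed accept"
    echo "    }"
    echo "}"
}

# Load the generated ruleset into the kernel. Needs root; not invoked by the test.
apply_ruleset() {
    gen_bridge_ruleset "$@" | nft -f -
}

# Constructed sample: two permitted hosts on the 192.0.2.0/24 segment.
example_segment_ruleset() {
    gen_bridge_ruleset eth2 eth1 \
        192.0.2.10,00:11:22:33:44:55 \
        192.0.2.11,00:11:22:33:44:66
}
```

Run `build_bridge br0 eth1 eth2` once, then `apply_ruleset eth2 eth1 192.0.2.10,00:11:22:33:44:55 ...` with the segment's real host list; `example_segment_ruleset` just prints the ruleset for the constructed hosts so you can review it before loading. Two caveats a practitioner would want: the box fails closed (if it goes down the segment is cut off, which is usually the right default for a filter but needs a spare), and the bridge box itself now sits in the path and has to be kept patched and without any management address reachable from the segment.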

Have you considered a 24 port switch that supports VLANs? This could be used to create 12 'virtual' 2 port switches.

To get the manageability you want you will have to spend a bit but it will be less than some of the alternatives. I know that for example a Cisco Catalyst 2950 would do.

Google - [two port ethernet switch]

As far as I can see the following are all copper-fiber converters and may not be suitable for you. You need to have a look yourself though since I just had a glance.

Allied Telesyn AT FS201 2-Port Ethernet Switch (AT-FS201-20)

It's made as a 10/100 converter. Perfect if 10 is OK but it looks like they do GBE ones too.

today announced the AT-WLMT wall-mount bracket set for its MC- and FS- series of standalone and bridging media converters. The AT-WLMT brackets are particularly useful in locations where a single media converter needs to be physically anchored.

Available in packs of 10, the AT-WLMT includes all necessary fitting components to ensure trouble-free and fast installation. The AT-WLMT can be used for all of the Allied Telesis bridging media converter series (AT-FSxxx & AT-GS2xxx for Fast Ethernet and Gigabit).

Google - [three port ethernet switch]

Google - [five port ethernet switch] - These are cheap and common but most are not manageable. Try [four port] too.


Reply to
Bod43

Alternately, there is a feature sometimes called PVE (Private Virtual Edge). Supported on some Cisco and Linksys devices amongst others. Doesn't inherently give you the advanced filtering desired, but should be more secure (in theory) than using VLANs.

Reply to
Walter Roberson

What are the greatest typical weaknesses in VLANs, and how does PVE improve on that?

Reply to
Will

For VLANs, whether a packet is allowed to egress a particular port depends on whether information *in the packet* matches the selection criteria. If you can trick a switch into accepting the information that -you- put into the packet, then you can get it to write out to ports that you shouldn't have access to.

For PVE, the restriction of ports is done through some unspecified method (not necessarily the same for any two models of switch), but which probably involves only information in internal headers that the switch wraps around the packet, with the packet contents never being examined for this purpose. You cannot play multihop VLAN spoofing games because the PVE information is not transitive and is completely internal, stripped off before packet egress.

Note that PVE is not the same thing as "IP in IP" or "private VLANs" or "nested VLANs": PVE is control information specific to a particular switch, configured on the switch, and not transmitted anywhere.

Reply to
Walter Roberson

Does Netgear make any managed switch with something similar to the PVE feature? I gather that Linksys makes a few of these.

Reply to
Will

Which models of Cisco and Linksys GigE copper switches support the private VLAN feature that is "spoof-proof"?

Are any of these generally in plentiful supply as surplus product at a pretty steep discount?

Reply to
Will

I don't work for Cisco (or Linksys), and don't have access to any of their internal technical documents, and I don't have access to any Cisco switches (and only some older Linksys ones). Thus, I am not in any position to make a statement that any particular model is "spoof-proof".

The statement I made, which is quoted above, is that PVE is more secure in theory. I do not know the extent to which that theory has been put to the test. I'm just going by the specs and summary discussions.

Reply to
Walter Roberson

I don't see anything -obvious- on the Netgear pages, or on the specs of their advanced FSM* layer 2 or layer 3 managed switches. Sometimes features like this (that don't have an associated standard number) are buried in the user manual. The jumps of logic in Netgear manuals tend to make my head hurt, so I don't look at them very often.

Reply to
Walter Roberson

Agreed on that. It looks to me in their GSM7324 like they had three groups of people all competing to implement the same features in different ways and different parts of the UI.

Reply to
Will

Cisco VLAN security WP (link): this references a 3rd party test for various VLAN potential weaknesses.

Private VLANs (link).

Switches that support private VLANs (link).

Reply to
stephen

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.