Hi, I found there is a big security problem on 3Com switches that support FastIP.
Steps:
1. Configure the switch to enable FastIP (the option only appears in the web configuration);
2. Create 2 port-based VLANs, such as VLAN 100 and VLAN 200;
3. Add ports to VLAN 100 and VLAN 200;
4. Prepare 2 PCs and connect them to ports belonging to the different VLANs;
5. Configure the 2 PCs' IP addresses so that they are in the same IP segment;
6. Look up the 2 PCs' MAC addresses, then register them as static ARP records using "arp -s ...";
7. Now these 2 PCs can ping each other, passing through the different VLANs!

I made a capture using Ethereal; no NHRP packets were captured. Also, some vendors' equipment (such as Huawei) does not need the static ARP entries to be entered.
Conditions:
1. Switches: 3Com 3300SM
   Operational Version: 2.71
   Hardware Version: 0
   Boot Version: 1.00
   MAC Address: 00:04:0b:80:2a:78
   Product Number: 3C16987A
   Serial Number: 7MCV5802A78
2. PCs:
   OS, 3 types tested: Windows XP, Linux and TP-LINK Wireless Router
   NIC, 3 types tested: RTL8139, 3Com905c (embedded on mainboard), Intel pro/100+zt
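
An added example, not part of the original post: one way to audit capture records from the two PC ports for the cross-VLAN delivery described in the steps above. The port numbers, MAC addresses and frame records are constructed sample data, and the function names are hypothetical.

```python
# Added example: offline audit of capture records for cross-VLAN delivery.
# All MACs, port numbers and frames below are constructed sample data.

PORT_VLAN = {1: 100, 2: 200}          # switch port -> port-based VLAN
HOST_PORT = {                          # host MAC -> switch port it is attached to
    "02:00:00:00:01:00": 1,            # PC A, VLAN 100
    "02:00:00:00:02:00": 2,            # PC B, VLAN 200
}

# (port where the frame was captured, source MAC, destination MAC, EtherType)
FRAMES = [
    (2, "02:00:00:00:01:00", "02:00:00:00:02:00", 0x0800),  # IPv4 A -> B, seen on B's port
    (1, "02:00:00:00:02:00", "02:00:00:00:01:00", 0x0800),  # IPv4 reply B -> A
    (1, "02:00:00:00:01:00", "ff:ff:ff:ff:ff:ff", 0x0806),  # A's ARP broadcast on its own port
    (2, "02:00:00:00:02:00", "02:00:00:00:09:99", 0x0800),  # B to another VLAN 200 host
]


def is_group_address(mac):
    """True for broadcast/multicast destinations (I/G bit of the first octet set)."""
    return int(mac.split(":")[0], 16) & 1 == 1


def find_cross_vlan_frames(port_vlan, host_port, frames):
    """Return frames captured on a port whose VLAN differs from the sender's VLAN."""
    leaks = []
    for cap_port, src, dst, ethertype in frames:
        src_port = host_port.get(src.lower())
        if src_port is None:
            continue  # unknown sender: cannot be attributed to a VLAN
        src_vlan, cap_vlan = port_vlan[src_port], port_vlan[cap_port]
        if src_vlan != cap_vlan:
            leaks.append({
                "src": src, "dst": dst, "ethertype": ethertype,
                "src_vlan": src_vlan, "seen_in_vlan": cap_vlan,
                "kind": "group" if is_group_address(dst) else "unicast",
            })
    return leaks


if __name__ == "__main__":
    for leak in find_cross_vlan_frames(PORT_VLAN, HOST_PORT, FRAMES):
        print("VLAN %(src_vlan)d -> VLAN %(seen_in_vlan)d %(kind)s "
              "%(src)s -> %(dst)s type 0x%(ethertype)04x" % leak)
```

With static ARP entries in place no ARP broadcast is needed, so a leak of the kind reported shows up as unicast IPv4 (EtherType 0x0800) frames only.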