Mike McCarty wrote:
John Stumbles wrote:
What do you mean "Cannot act as a bridge"?

A switch uses MAC addresses for ascertaining where to forward a message. It is unaware of IP addresses, so it cannot connect different nets.

Yup. That's bridging, defined in 802.1d http://www.ieee802.org/1/pages/802.1D.html

And what do you mean by 'not secure'?

No firewall. Any message sent to a given MAC is delivered to it. There is no concept of LAN side vs WAN side.

OK. From a different POV they _are_ secure: unlike a hub (repeater), which sends every packet to all connected ports, switches only forward [1] packets to their destination ports. This is more secure as traffic cannot be sniffed by stations on other ports [2]. Which just goes to show that 'security' is not a simple quality of which one can have more or less (like money) but a set of qualities.

John Stumbles

[1] non-broadcast
[2] bar certain exploits such as MAC flood attacks
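
The hub-versus-switch difference discussed in this thread, and the condition behind footnote [2], can be seen in a small model. This is an added example, not code from either poster; the table size, the per-port learning limit and all MAC addresses are constructed assumptions, and the model does no ageing of entries.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
A, B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"   # constructed station addresses

class Hub:
    """Repeater: every frame goes out of every port except the one it came in on."""
    def __init__(self, ports):
        self.ports = ports
    def receive(self, in_port, src, dst):
        return {p for p in range(self.ports) if p != in_port}

class Switch:
    """Toy learning bridge with a bounded MAC table (sizes are assumptions)."""
    def __init__(self, ports, table_size=4, per_port_limit=None):
        self.ports, self.table_size = ports, table_size
        self.per_port_limit = per_port_limit   # hypothetical per-port learning cap
        self.table = {}                        # MAC address -> port

    def _learn(self, in_port, src):
        if src in self.table:
            self.table[src] = in_port          # known station, refresh its port
            return
        if len(self.table) >= self.table_size:
            return                             # table full: address is not learned
        if self.per_port_limit is not None:
            used = sum(1 for p in self.table.values() if p == in_port)
            if used >= self.per_port_limit:
                return                         # this port has used up its quota
        self.table[src] = in_port

    def receive(self, in_port, src, dst):
        self._learn(in_port, src)
        out = self.table.get(dst)
        if dst == BROADCAST or out is None:    # broadcast or unknown destination
            return {p for p in range(self.ports) if p != in_port}
        return set() if out == in_port else {out}

def ports_seeing_reply(device, noise_frames=0):
    """A is on port 0, B on port 1, a third station on port 2.
    Port 2 first sends noise_frames frames with distinct source addresses,
    then A sends to B; returns the ports that receive B's reply to A."""
    for i in range(noise_frames):
        device.receive(2, f"02:00:00:00:10:{i:02x}", BROADCAST)
    device.receive(0, A, B)
    return device.receive(1, B, A)

if __name__ == "__main__":
    print("hub:", ports_seeing_reply(Hub(3)))
    print("switch:", ports_seeing_reply(Switch(3)))
    print("switch, table exhausted:", ports_seeing_reply(Switch(3), 8))
    print("switch, per-port limit:", ports_seeing_reply(Switch(3, per_port_limit=1), 8))
```

With a full table the switch can no longer learn A's address, so B's reply is treated as unknown-destination traffic and repeated to port 2 as a hub would; capping how many addresses one port may occupy keeps the reply on port 0.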