Wikipedia has a (probably non-exhaustive) list of EtherTypes.

Choose an EtherType that isn't 0x800 and, even better, doesn't collide with anything on this list (or anything else you happen to know is used) and IP hardware (such as routers) won't route your packets. IPv4 is transmitted using Ethernet packets with an EtherType of 0x800. If you don't want your product to work on an IP network, then don't use IP.

In a more complex configuration you could also choose to explicitly permit wanted traffic and filter all the rest. If the switches support L3 ACLs you could filter the exact IP addresses that you don't want on your network, e.g. Switches don't care about higher-layer addresses like IP, so they'd forward frames containing link-local or even local loopback addresses just fine - but only within a VLAN. On the switches, you'd need to segregate that traffic using a dedicated VLAN. I've explicitly blackholed those addresses on all our routers, just to make sure. Simply use addresses from 169.254.0.0/16 which are defined to be not routable. If you don't want those packets to cross routers, link-local aka zeroconf aka APIPA addresses are what you need. You'll have to actively configure that network to inhibit unwanted communication. We have a customer that wants to ensure that it can NOT work on an actual IP network and only direct.

As has pointed out, making a product use IP and not work over an IP network at the same time isn't possible. It's the network admin's or architect's job to categorize whatever traffic as unwanted and take measures against it. There's no bouncer on each network port that filters that traffic. If it doesn't work, just do it correctly.

Basically, if you see those packets on your network, it's the source host (its implementation) that's violating RFC 1122. If it works: fine for now, but may break any time. We changed our FW so that the fixed IP addresses are 127.0.0.0 and 127.0.0.1.
I was surprised (shocked actually) that a switch would forward loopback. I was actually hoping to do something that even a modern switch would puke on and not forward to anywhere. I am aware of those addresses, but they are only 'un-routable'.

If you don't want those packets to cross routers link-local aka zeroconf aka APIPA addresses are what you need. On a network I wanted it to break, which to my surprise it did not. We are in control of our own code, so no worry about it breaking. To Zac67: Generally, it's a really bad idea. It can be fixed, or DHCP, so we just set it to a fixed address. It is an embedded system of which we control the code, so we can set the IP address to whatever we want. So, I assumed the firmware is broken, and not really sending over that IP, so I mirrored a switch port, grabbed Wireshark and:

Are there any IP addresses that will not flow through a switch? They work directly connected, great!

But, when I connect them through our corporate network, through multiple switches, managed and unmanaged (and possibly a router, I didn't check with IT), they still link together and function normally. So, we changed our firmware so that the fixed IP addresses are 127.0.0.0 and 127.0.0.1. All this works fine.

For reasons that are not important, we have a customer that wants to ensure that it can not work on an actual IP network and only direct. This product comes in two halves that are supposed to be connected directly to each other over Cat 5e.