What a concept! Consider this: your LAN and WAN are hostile. There's no disputing that fact. The vast majority of attacks come from the inside. With that in mind I have a question: why don't switch manufacturers build switches for security also? Now don't go talking about authenticated VLANs or MAC rules, yada, yada. These are not viable in a wireless environment. Taking everything into account, the only place you can enforce your corporate policy is at the edge.
Here's the pitch: I know of switches that have the ability to analyze the first packet(s) sent out by the end device to classify it (QoS), put the port in the correct VLAN(s), and they can keep it from going certain places (various ACL implementations). So why not just look a few bytes more into the header? How about having a 'firewall' on every port on every switch? This is what could be called a 'firenet'.
It's just a concept but I feel this could be very viable. What do you all think? Any questions, comments?
Of course I simplified this so I don't have to type too much, so I may have left out some things.