
Re: Layer 2 access and Current Practices



On Thu, 3 Mar 2005 15:08:53 -0600, John Kristoff <jtk@northwestern.edu> wrote:
> On Thu, 3 Mar 2005 15:01:31 -0500
> "Howard C. Berkowitz" <hcb@gettcomm.com> wrote:
> 
> > > >I think the fact that port security is not used (per Merike's survey)
> > >  in larger ISPs
> > >speaks to either A) its difficulty to use or B) its lack of
> > >perceived benefit.
> >
> > Agreed that we can drop port security.
> 
> I can add some real world experience. Maybe it will be helpful or
> maybe it'll just be interesting history to record.
> 
> Sorry I haven't been keeping up with this group, but as someone who
> originally suggested and sent George some layer 2 stuff, including
> some port security text a long time ago, I can corroborate A.
> 
> I implemented it on a number of switches at DePaul based on the
> following doc (as far as I know, it's still enabled):
> 
>   <http://condor.depaul.edu/~jkristof/technotes/dpunet-rfc4.txt>

Wow.  That's (still) excellent, as is the (omitted in this reply) post mortem.  
Thanks.   And the link does still work.

I'm assuming that most of what you were using it for was end systems
(workstations, laptops, etc.)? Or was it networking gear?

With change control, physical access, SNMP monitoring, etc. I just can't see
a layer 2 device/topology change in core/edge devices going unnoticed by
other means.  But then, per PT Barnum, you can never go wrong underestimating
intelligence.

---George