[c-nsp] list wisdom please, Cisco switches

Aaron aaron1 at gvtc.com
Fri Jun 7 14:48:49 EDT 2013


I think the same can be said for DSLAMs.

Mac-forced-forwarding might have something to do with this.

Config'ing a GPON (OLT) for unsecure mode (what Calix calls it in their C7
OLT/GPON) or TLS, I think, forgoes the L2 blocking you mentioned.

Isn't this what private VLANs accomplish in Cisco switches too? Causing
each switch port to appear as if it were in its own separate VLAN and only
allowing it to communicate with community type ports... or something like that.

Aaron

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Mark
Tinka
Sent: Friday, June 07, 2013 12:22 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] list wisdom please, Cisco switches

On Tuesday, January 15, 2013 05:58:12 PM Nick Hilliard
wrote:

> I don't get why people shouldn't be able to ping each other / etc.  
> Isn't this traffic functionally equivalent to any other Internet 
> traffic?  What's different about it?

GPON implementations standardize this already, i.e., users are unable to
directly communicate with one another via Layer 2.

They can communicate with one another via the upstream Layer 3 aggregation
device (which becomes IP communications rather than Layer 2 communications),
at which point operators can institute various security mechanisms to protect
both their customers and their network.

If you're interested, TR-156 from the Broadband Forum speaks to some pretty
cool security features required in GPON implementations that the Ethernet
switching world could learn from for these kinds of deployment scenarios.

Mark.


