[c-nsp] list wisdom please, Cisco switches
Mark Tinka
mark.tinka at seacom.mu
Sat Jun 8 06:24:05 EDT 2013
On Friday, June 07, 2013 08:48:49 PM Aaron wrote:
> Config'ing a GPON (OLT) for unsecure mode (what calix
> calls it in their C7 olt/gpon) or TLS I think forgoes
> the L2 blocking you mentioned
Yes, the spec. from the Broadband Forum gives GPON vendors
the opportunity for operators to either turn on or turn off
these security features.
However, when we ran a Huawei GPON box in my previous
life, these features were enabled by default on their
hardware, which I can't complain about.
> Isn't this what private VLANs accomplish in Cisco
> switches too? causing each switch port to appear as if
> it were in its own separate vlan and only allow it to
> communicate with community type ports....or something
> like that
As it were, I've actually never used private VLANs before,
but yes, this is similar to what the GPON folks do.
All traffic arriving at the port configured as a private
VLAN only has one way to go - upstream to the router - even
though it needs to communicate to the neighbor next door in
an FTTH deployment.
For the benefit of customer Layer 2 separation, I'm happy to
forgo the otherwise round-about traffic flow inefficiency.
And since this type of Layer 2 isolation on Ethernet
switches, DSLAMs or GPON access nodes doesn't require
separate Layer 3 addressing upstream, it's a win-win.
Mark.
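
Added example, not part of the original message or of either poster's configuration: a Cisco IOS private VLAN sketch for the isolation discussed in this thread, where subscriber ports are isolated and can reach only the promiscuous uplink toward the router. VLAN IDs and interface names are placeholders, and exact syntax and platform support vary by switch model and software release.

```cisco
! Added illustration. VLAN IDs (200, 201) and interface names are placeholders.
! Private VLANs on many Catalyst platforms require VTP transparent mode (or VTPv3).
vtp mode transparent
!
! Secondary VLAN: ports in it cannot talk to each other at Layer 2.
vlan 201
 private-vlan isolated
!
! Primary VLAN: carries traffic from the promiscuous port down to all hosts.
vlan 200
 private-vlan primary
 private-vlan association 201
!
! Subscriber-facing ports: isolated hosts, one shared IP subnet upstream.
interface range GigabitEthernet1/0/1 - 24
 switchport mode private-vlan host
 switchport private-vlan host-association 200 201
!
! Uplink to the router: promiscuous, the only port the isolated hosts can reach.
interface GigabitEthernet1/0/48
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 200 201
!
! Checks after applying:
!   show vlan private-vlan
!   show interfaces GigabitEthernet1/0/1 switchport
```

With this layout, a frame from one subscriber port to another is not switched locally; it can only leave via the promiscuous uplink, which is the round-about path described in the message above.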