I think the same can be said for DSLAMs. MAC-forced forwarding might have something to do with this.

Config'ing a GPON (OLT) for unsecure mode (what Calix calls it in their C7 OLT/GPON) or TLS I think forgoes the L2 blocking you mentioned.

Isn't this what private VLANs accomplish in Cisco switches too? Causing each switch port to appear as if it were in its own separate VLAN and only allow it to communicate with community type ports... or something like that.

Aaron

-----Original Message-----
From: cisco-nsp [mailto:[email protected]] On Behalf Of Mark Tinka
Sent: Friday, June 07, 2013 12:22 PM
To: [email protected]
Subject: Re: [c-nsp] list wisdom please, Cisco switches

On Tuesday, January 15, 2013 05:58:12 PM Nick Hilliard wrote:

> I don't get why people shouldn't be able to ping each other / etc.
> Isn't this traffic functionally equivalent to any other Internet
> traffic? What's different about it?

GPON implementations standardize this already, i.e., users are unable to directly communicate with one another via Layer 2.

They can communicate with one another via the upstream Layer 3 aggregation device (which becomes IP communications rather than Layer 2 communications), at which point operators can institute various security mechanisms to protect both their customers and their network.

If you're interested, TR-156 from the Broadband Forum speaks to some pretty cool security features required in GPON implementations that the Ethernet switching world could learn from for these kinds of deployment scenarios.

Mark.
