On Friday, June 07, 2013 08:48:49 PM Aaron wrote:

> Config'ing a GPON (OLT) for unsecure mode (what Calix
> calls it in their C7 olt/gpon) or TLS I think forgoes
> the L2 blocking you mentioned

Yes, the spec from the Broadband Forum gives GPON vendors the opportunity for operators to either turn on or turn off these security features. However, when we ran a Huawei GPON box in my previous life, these features were enabled by default on their hardware, which I can't complain about.

> Isn't this what private VLANs accomplish in Cisco
> switches too? Causing each switch port to appear as if
> it were in its own separate VLAN and only allow it to
> communicate with community type ports....or something
> like that

As it were, I've actually never used private VLANs before, but yes, this is similar to what the GPON folks do. All traffic arriving at the port configured as a private VLAN only has one way to go - upstream to the router - even though it needs to communicate with the neighbor next door in an FTTH deployment.

For the benefit of customer Layer 2 separation, I'm happy to forego the otherwise round-about traffic flow inefficiency. And since this type of Layer 2 isolation on Ethernet switches, DSLAMs or GPON access nodes doesn't require separate Layer 3 addressing upstream, it's a win-win.

Mark.
_______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
