We block all traffic to 239.255.255.250. This is MS SSDP traffic that we have no need for and it is very chatty. It has not caused any issues as yet.
Fyi, Brian From: John Kaftan [mailto:[email protected]] Sent: Friday, February 08, 2013 7:35 AM To: Enterasys Customer Mailing List Subject: [enterasys] Policy Dreamer We are just starting to dream about policy. We are using it as part of NAC in our residence halls but have not really played around with it beyond that. When I do packet captures I see the usual junk flying around our network, i.e. various broadcasts from MS or what have you. I see no reason why clients need to talk to each other at all. The only thing our users need is to be able to arp so they can find the gateway, DHCP, DNS, and access to whatever services we are providing for them centrally, e.g. printing, files, directory, internet, etc. Has anyone taken the lockdown approach where you only allow the protocols that are needed rather than blocking the ones that you don't like? My guess is that this approach is too restrictive and that phone rings too much, but "I have a dream...." -- John Kaftan IT Infrastructure Manager Utica College * --To unsubscribe from enterasys, send email to [email protected]<mailto:[email protected]> with the body: unsubscribe enterasys [email protected]<mailto:[email protected]> --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
