On 11-okt-2007, at 22:48, Richard Pruss wrote:
That would require PANA snooping on every switch that does Option 82 insertion and DHCP snooping today. It would also require a suite of new features on those switches to filter at the IP layer protocol. Current switches do MAC IP matching and security features around those two on a per port basis. This is where the PANA proposal breaks down as it requires every element in the network to change.
I don't think this can be a serious argument against other solutions that DHCP, because EVERY solution requires numerous changes. The fact that adding authentication to DHCP means a little less ISP infrastructure needs to change can't be a reason to reject other solutions out of hand. Especially because a DHCP solution would impose considerable issues on the end-user side. I also don't remember seeing this as a requirement in the list that Mark posted.
_______________________________________________ Int-area mailing list [email protected] https://www1.ietf.org/mailman/listinfo/int-area
