Donour Sizemore wrote: > On Feb 1, 2010, at 9:57 AM, James Carlson wrote: >> So what's the deal with the folks wanting GVRP? Are they unaware of the >> security issues, or do they have a usage case where they don't care? > > In this case, the feature has been specifically requested by a customer. In a > cloud environment, which lots of virtual machines, admins want to easily > create lot so vlans and have the fabric autoconfigure.
OK. >> Also, one detailed question on the intended implementation: there's no >> need to send any GVRP messages if the only link in use on a port is the >> PVID. Is that optimization made? > > Yes. > >> If I have "vlan-announce" set to >> "gvrp" and I have only (say) "e1000g0" plumbed, do I get empty GVRP >> messages? > > No. Empty messages aren't sent. In that case, is there much harm in enabling the feature by default and asking users to disable if they don't like it? It seems like (despite the inherent problems) it could be a generally helpful thing, along the lines of IGMP. -- James Carlson 42.703N 71.076W <carlsonj at workingcode.com>
