Re: [c-nsp] list wisdom please, Cisco switches

2013-06-08 Thread Nick Hilliard
On 07/06/2013 18:21, Mark Tinka wrote: If you're interested, TR-156 from the Broadband Forum speaks to some pretty cool security features required in GPON implementations that the Ethernet switching world could learn from for these kinds of deployment scenarios. Yeah, particularly in

Re: [c-nsp] list wisdom please, Cisco switches

2013-06-08 Thread Mark Tinka
On Friday, June 07, 2013 08:48:49 PM Aaron wrote: Config'ing a GPON (OLT) for unsecure mode (what Calix calls it in their C7 OLT/GPON) or TLS I think foregoes the L2 blocking you mentioned Yes, the spec. from the Broadband Forum gives GPON vendors the opportunity for operators to either turn

Re: [c-nsp] list wisdom please, Cisco switches

2013-06-07 Thread Mark Tinka
On Tuesday, January 15, 2013 05:58:12 PM Nick Hilliard wrote: I don't get why people shouldn't be able to ping each other / etc. Isn't this traffic functionally equivalent to any other Internet traffic? What's different about it? GPON implementations standardize this already, i.e., users

Re: [c-nsp] list wisdom please, Cisco switches

2013-06-07 Thread Aaron
: Friday, June 07, 2013 12:22 PM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] list wisdom please, Cisco switches On Tuesday, January 15, 2013 05:58:12 PM Nick Hilliard wrote: I don't get why people shouldn't be able to ping each other / etc. Isn't this traffic functionally equivalent to any

Re: [c-nsp] list wisdom please, Cisco switches

2013-01-16 Thread Phil Mayers
On 16/01/13 06:40, Mattias Gyllenvarg wrote: Added arp inspection to your list. ...erm... that's what DAI is (dynamic arp inspection) ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at

Re: [c-nsp] list wisdom please, Cisco switches

2013-01-15 Thread Alex Pressé
Sounds like a job for 3560X series switches (expansion modules allow for 2x10G SFP+). You could probably get them for better than $1300 if all you need is LAN Base. Unfortunately, those 10GbE cards are about the same price. Modular power supplies, too. Using private VLANs should make quick work

Re: [c-nsp] list wisdom please, Cisco switches

2013-01-15 Thread Nick Hilliard
On 15/01/2013 15:30, Alex Pressé wrote: Using private VLANs should make quick work of keeping traffic separate. I don't get why people shouldn't be able to ping each other / etc. Isn't this traffic functionally equivalent to any other Internet traffic? What's different about it? Nick

Re: [c-nsp] list wisdom please, Cisco switches

2013-01-15 Thread Aaron
] On Behalf Of Blake Dunlap Sent: Monday, January 14, 2013 8:44 PM To: Andrew Miehs Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] list wisdom please, Cisco switches I don't know if I'd do 2960s here. Perhaps the ME series, maybe a 3600? On Mon, Jan 14, 2013 at 7:33 PM, Andrew Miehs and...@2sheds.de

Re: [c-nsp] list wisdom please, Cisco switches

2013-01-15 Thread Aaron
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Nick Hilliard Sent: Tuesday, January 15, 2013 9:58 AM To: Alex Pressé Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] list wisdom please, Cisco switches On 15/01/2013 15:30, Alex Pressé wrote: Using private VLANs should make quick work

Re: [c-nsp] list wisdom please, Cisco switches

2013-01-15 Thread Blake Dunlap
Sent: Tuesday, January 15, 2013 9:58 AM To: Alex Pressé Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] list wisdom please, Cisco switches On 15/01/2013 15:30, Alex Pressé wrote: Using private VLANs should make quick work of keeping traffic separate. I don't get why people shouldn't

Re: [c-nsp] list wisdom please, Cisco switches

2013-01-15 Thread Nick Hilliard
On 15/01/2013 19:43, Blake Dunlap wrote: Yeah that's the reason. It's not about talking to one another, it's about protecting from attacks that could allow snooping on traffic flows, to hijacking. This is mildly troublesome. What you really want in your switch is: - dhcp option 82 support -

Re: [c-nsp] list wisdom please, Cisco switches

2013-01-15 Thread Ross Halliday
On Tue 2013-01-15 at 10:58 AM Nick Hilliard wrote: I don't get why people shouldn't be able to ping each other / etc. Isn't this traffic functionally equivalent to any other Internet traffic? What's different about it? Easy - the Internet is a routed L3 infrastructure with security measures

Re: [c-nsp] list wisdom please, Cisco switches

2013-01-15 Thread Mattias Gyllenvarg
Added arp inspection to your list. - dhcp option 82 support - dhcp snooping - DAI - port security - urpf on first hop - RA guard / dhcpv6 snooping / ND guard if you're providing ipv6 - broadcast / multicast storm control - lan broadcast segmentation for session hijack protection - common L2

[c-nsp] list wisdom please, Cisco switches

2013-01-14 Thread John Brown
Hi, We are looking to install cisco switches to feed an apartment complex with internet. Each unit has a Cat5e cable back to a common room. We have our own fiber into the common room that goes back to our pop. We want to provide 10/100/1000 service options to the tenants. The backhaul today

Re: [c-nsp] list wisdom please, Cisco switches

2013-01-14 Thread Andrew Miehs
How long is a piece of string? You need to work out your architecture first - then you can find your switches. Are you sure you want L3 functionality in the common room, or would it not be enough to run the SVIs from the PoP? I would probably use a 2960S in the common rooms, and run VSS 6500s in

Re: [c-nsp] list wisdom please, Cisco switches

2013-01-14 Thread Andrew Miehs
The reason I suggested the 2960s is as I would probably not do layer 3 to the edge - it would probably be too expensive. Does IPv6 with 24x SVIs and CoPP work on a ME3600? I may use something like an ME though if John is using MPLS... Really depends on what the rest of the network looks like, what