If we do that, I'd like to propose also that ports be limited to one MAC. Obviously, this wouldn't apply to ports between (any combination of) MICE Switches and Remote Switches.
I played with port security for this and had pretty decent success.
The Amsterdam Internet Exchange is using L2ACLs for this with great success.
Using port security also had the benefit of not having to track each carrier's MAC address.
Here'd be an example of what this would look like (with * marking ports limited to 1 MAC):
For now, we'd treat the CNS switch as a MICE Switch (since it's loaned to MICE), but if that changed, then it might be another example of a Remote Switch.
Mankato Networks' remote switch is managed by MICE.
CNS & Mankato Networks: Does the requirement to break each customer out into the Remote Switch kill your business model?
Not really a problem, I started breaking them out anyway. I'd have a couple of legacy users that would need to shuffle ports but not a big deal.