On 12/2/19 10:30 AM, Steve Howard wrote:
If supported by the remote switch, enforce a specific MAC address requirement on the MICE VLAN for remote switches.
I'm not 100% sure I follow your example here. Enforcing a single MAC address is straightforward if the only thing plugged into the non-dedicated switch (on the "downstream" side) are routers. But what happens if hypothetically Wiktel and Paul Bunyan want to exchange an Ethernet circuit VLAN over the CNS switch? The CNS switch is going to see more than just our router MAC addresses. CNS can't limit us to one MAC on a per-port basis. Are you saying that a remote switch would use a layer 2 ACL to limit the source MAC transmitting into the MICE VLAN while allowing other MACs on other VLANs? Is this a relatively common feature? Is this something that you feel would be reasonable to _require_ of a non-dedicated switch? -- Richard