On Jan 6, 2014, at 13:22, Paul Ferguson <fergdawgster@mykolab.com> wrote:
On 1/6/2014 1:08 PM, Owen DeLong wrote:
The port isn't particularly trusted, but it is allowed to send RAs which are forwarded to the network by default. Obviously a sane switch would allow this configuration to be changed. We're not talking about the security model for a network, we're talking about the default behavior of a switch.
Defaults are, inherently, guesses to some extent. Nonetheless, a switch must have some default behavior.
It seems to me that in the case of switches which have otherwise designated uplink ports, it is logical to make those ports default to RA allowed while defaulting to not allowing RAs from other ports by default.
Some people do not want switches making IP address assignments. That's all. :-)
Huh??? I don't think I said anything even remotely like that.

Owen