On 1/6/2014 1:08 PM, Owen DeLong wrote:
> The port isn't particularly trusted, but it is allowed to send RAs which are forwarded to the network by default. Obviously a sane switch would allow this configuration to be changed. We're not talking about the security model for a network, we're talking about the default behavior of a switch.
>
> Defaults are, inherently, guesses to some extent. Nonetheless, a switch must have some default behavior.
>
> It seems to me that in the case of switches which have otherwise designated uplink ports, it is logical to make those ports default to RA allowed while defaulting to not allowing RAs from other ports by default.

Some people do not want switches making IP address assignments. That's all. :-)

- ferg

-- 
Paul Ferguson
PGP Public Key ID: 0x54DC85B2