Re: Ethernet EP - MAC Address Filtering
Actually, I was more speaking in terms of applying the filters to your router port as an Exchange Point Member to prevent another unscrupulous exchange point member from default routing you or other things nasty.

-Dave

Deepak Jain wrote:
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of David McGaugh
Sent: Friday, February 08, 2002 3:18 PM
To: nanog@merit.edu
Subject: Ethernet EP - MAC Address Filtering
Just curious if anyone is performing MAC Address Filtering at any of the Ethernet Exchange Points. If so, has it been found to be easy to administer or difficult whereby peers may be changing Layer 3 devices or Interfaces without notice? Alternately, is MAC Address Filtering considered an unneeded security measure?
Thanks, Dave
----
Speaking of this, is MAC Address filtering [at an IX] really designed to eliminate the possibility of new hardware showing up on the port or is it more the idea of keeping lots of boxes from showing up directly [like hanging another switch off the port]? If it's the latter, a seemingly sensible approach would be to limit the number of unique MAC addresses to like 2-4 per port.
This way you can change your equipment without prior notice, but you can't (as easily) violate the integrity of the switching fabric.
I know for our network ports we limit to no more than 2 unique MACs in a certain time period [~5 minutes or so] which again, allows swapping of equipment without compromising anything that MAC layer filtering is supposed to protect.
Deepak Jain AiNET
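
An added example, not part of the original thread and not any participant's configuration: a small model of the per-port limit described above (at most 2 unique source MACs within about 5 minutes), replayed over constructed frames. The class and function names, the port labels, and the choice of inactivity aging to implement the "time period" are assumptions made for illustration.

```python
from collections import defaultdict

MAX_MACS = 2        # per-port limit quoted in the thread
WINDOW_S = 5 * 60   # "~5 minutes or so"


class PortMacLimiter:
    """Per-port cap on unique source MACs, with inactivity aging (assumed)."""

    def __init__(self, max_macs=MAX_MACS, window_s=WINDOW_S):
        self.max_macs = max_macs
        self.window_s = window_s
        self.last_seen = defaultdict(dict)  # port -> {mac: last timestamp}

    def observe(self, ts, port, mac):
        """Return True if the frame is accepted, False on a limit violation."""
        table = self.last_seen[port]
        # Age out addresses that have been silent for a full window.
        for stale in [m for m, t in table.items() if ts - t >= self.window_s]:
            del table[stale]
        mac = mac.lower()
        if mac in table or len(table) < self.max_macs:
            table[mac] = ts
            return True
        return False  # a third address inside the window: drop and alert


def violations(frames, **limits):
    """Replay (ts_seconds, port, src_mac) tuples; return the rejected ones."""
    limiter = PortMacLimiter(**limits)
    return [f for f in frames if not limiter.observe(*f)]


# Constructed sample traffic; MACs are from the RFC 7042 documentation range.
FRAMES = [
    (0,   "peer-a", "00:00:5e:00:53:01"),  # original router
    (100, "peer-a", "00:00:5e:00:53:01"),
    (120, "peer-a", "00:00:5e:00:53:02"),  # unannounced swap: second MAC, allowed
    (450, "peer-a", "00:00:5e:00:53:02"),  # old router has aged out by now
    (0,   "peer-b", "00:00:5e:00:53:0a"),
    (10,  "peer-b", "00:00:5e:00:53:0b"),
    (20,  "peer-b", "00:00:5e:00:53:0c"),  # third MAC: looks like a switch behind the port
    (30,  "peer-b", "00:00:5e:00:53:0d"),  # fourth MAC
    (400, "peer-b", "00:00:5e:00:53:0c"),  # earlier entries aged out, accepted
]

if __name__ == "__main__":
    for ts, port, mac in violations(FRAMES):
        print(f"t={ts}s port={port} rejected {mac}")
```

The equipment swap on peer-a passes without any rejection, while the extra addresses on peer-b are rejected until the earlier entries age out.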