> I reckon you mean allowing domain admins/root admins to read GRE keys > assigned to guest networks via API/GUI, is that correct?
Yes, exactly. > Do you think they should also have the ability of assigning specific keys to > particular guest networks if needed? Yes to this as well. Chiradeep's comment is pretty dead on. Assigning a range would be the minimum level of control, with specific ID's being assigned per request being both (1) harder to implement (i.e.: don't allow the selected ID to clash with other in use IDs), but (2) more powerful / useful under certain use cases. -chip
