On Jan 6, 2014, at 13:22 , Paul Ferguson <fergdawgs...@mykolab.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 1/6/2014 1:08 PM, Owen DeLong wrote: > >> The port isn't particularly trusted, but it is allowed to send RAs >> which are forwarded to the network by default. Obviously a sane >> switch would allow this configuration to be changed. We're not >> talking about the security model for a network, we're talking about >> the default behavior of a switch. >> >> Defaults are, inherently guesses to some extent. Nonetheless, a >> switch must have some default behavior. >> >> It seems to me that in the case of switches which have otherwise >> designated uplink ports, it is logical to make those ports default >> to RA allowed while defaulting to not allowing RAs from other ports >> by default. > > Some people do not want switches making IP address assignments. That's > all. :-) > Huh??? I don't think I said anything even remotely like that. Owen
