[Info-vax] DECnet challenge
Mark Berryman
mark at theberrymans.com
Sat Mar 2 13:42:54 EST 2019
On 3/2/19 3:32 AM, Andy Burns wrote:
> Mark Berryman wrote:
>
>> The switches have been configured so that no port may accept a DECnet
>> MAC address not assigned to that port.
>
> Every switch, or just those switches which have VMS kit connected to them?
Switches with DECnet hosts need individual ports locked to specific MAC
addresses.
Leaf switches not in the path of a DECnet host to the egress router
don't need anything.
Core and distribution switches, including any switch in the path just
described, need to block any MAC address starting with aa-00-04-00 on
anything but its appropriate uplink and downlink ports.
How widespread your filtering needs to be depends entirely on how
widespread your DECnet hosts are.
Mark Berryman
More information about the Info-vax
mailing list