[rbridge] Rbridge port security
Eastlake III Donald-LDE008
Donald.Eastlake at motorola.com
Sun May 13 21:23:28 PDT 2007
In connection with the topics in this thread:
I've looked at IS-IS security some more and the more recent versions of
it seem to provide strong protection against forged IS-IS hellos or
other control traffic. This generally seems to be an existing and better
way of handling this problem than my original suggestion of "turning
off" IS-IS on a port.
Caitlin's suggestion that TRILL encapsulated frames be ignored when
received on ports on which there is not an Rbridge adjacency is a good
one and it could be expanded a little to also drop such frames if their
source MAC address isn't that of a known Rbridge.
Thanks,
Donald
More information about the rbridge
mailing list