Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Ethernet EP - MAC Address Filtering

  • From: David McGaugh
  • Date: Mon Feb 11 23:40:47 2002

This is a multi-part message in MIME format.
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Actually, I was more speaking in terms of applying the filters to your
router port as an Exchange Point Member to prevent another unscrupulous
exchange point member from default routing you or other things nasty.


Deepak Jain wrote:
> -----Original Message-----
> From: []On Behalf Of
> David McGaugh
> Sent: Friday, February 08, 2002 3:18 PM
> To:
> Subject: Ethernet EP - MAC Address Filtering
> Just curious if anyone is performing MAC Address Filtering at any of
> the Ethernet Exchange Points. If so has it been found to be easy to
> administer or difficult where by peers may be changing Layer 3 devices
> or Interfaces without notice? Alternately is MAC Address Filtering
> considered an unneeded security measure?
> Thanks,
> Dave
> ----
> Speaking of this, is MAC Address filtering [at an IX] really designed to
> eliminate the possibility of new hardware showing up on the port or is it
> more the idea of keeping lots of boxes from showing up directly [like
> hanging another switch off the port]. If its the latter, a seemingly
> sensible approach would be to limit the number of unique MAC addresses to
> like 2-4 per port.
> This way you can change your equipment without prior notice, but you can't
> (as easily) violate the integrity of the switching fabric.
> I know for our network ports we limit to no more than 2 unique MACs in a
> certain time period [~5 minutes or so] which again, allows swapping of
> equipment without compromising anything that MAC layer filtering is supposed
> to protect.
> Deepak Jain
Content-Type: text/x-vcard; charset=us-ascii;
Content-Transfer-Encoding: 7bit
Content-Description: Card for Dave McGaugh
Content-Disposition: attachment;

org:Electric Lightwave, Inc.;Network Planning and Engineering
adr:;;4400 NE 77th Ave.;Vancouver;WA;98662;USA
title:Internetwork Engineer
fn:David McGaugh


Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.