it's here

• Previous message (by thread): it's here
• Next message (by thread): it's here
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

C'mon guys. Exchange point rate anti-spoof filtering is not necessary to 
solve this problem.

This is why there are switches (using vlans if you choose) and router 
interfaces. Unless you are taking an OC3's worth of management traffic, you 
create a net just for your management traffic, put in on an interface and 
hang your entire site's snmp gear off of that. If you want it to be 
private, GRE and 1918 addresses are your friends, and filter to allow only 
traffic from those nets. None of this is new or hard.

Also, most everyone now supports snmpv3 security, so you can do that as 
well. (I just do it the old way I know how, so I haven't played much with 
this.)

jerry

• Previous message (by thread): it's here
• Next message (by thread): it's here
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]