On 12/2/19 10:30 AM, Steve Howard wrote:
> If supported by the remote switch, enforce a specific MAC address
> requirement on the MICE VLAN for remote switches.
I'm not 100% sure I follow your example here.
Enforcing a single MAC address is straightforward if the only thing
plugged into the non-dedicated switch (on the "downstream" side) are
routers. But what happens if hypothetically Wiktel and Paul Bunyan want
to exchange an Ethernet circuit VLAN over the CNS switch? The CNS switch
is going to see more than just our router MAC addresses. CNS can't limit
us to one MAC on a per-port basis.
Are you saying that a remote switch would use a layer 2 ACL to limit the
source MAC transmitting into the MICE VLAN while allowing other MACs on
other VLANs? Is this a relatively common feature? Is this something that
you feel would be reasonable to _require_ of a non-dedicated switch?