On Dec 3, 2019, at 3:34 AM, Richard Laager wrote:
> Enforcing a single MAC address is straightforward if the only things
> plugged into the non-dedicated switch (on the "downstream" side) are
> routers. But what happens if hypothetically Wiktel and Paul Bunyan want
> to exchange an Ethernet circuit VLAN over the CNS switch? The CNS switch
> is going to see more than just our router MAC addresses. CNS can't limit
> us to one MAC on a per-port basis.
Juniper QFX and MX have options for limiting the number of MAC addresses per logical interface and/or VLAN. A quick scrub of other common vendors (Cisco, Arista) shows they have the same.
I wouldn’t see it as unreasonable to *require* a remote switch operator by whatever means necessary to enforce a one MAC address limit on their extension switch per logical participant handoff.