nanog mailing list archives
Re: it's here
From: jerry scharf <scharf () vix com>
Date: Wed, 13 Feb 2002 08:38:03 -0800
C'mon guys. Exchange point rate anti-spoof filtering is not necessary to solve this problem.
This is why there are switches (using vlans if you choose) and router interfaces. Unless you are taking an OC3's worth of management traffic, you create a net just for your management traffic, put in on an interface and hang your entire site's snmp gear off of that. If you want it to be private, GRE and 1918 addresses are your friends, and filter to allow only traffic from those nets. None of this is new or hard.
Also, most everyone now supports snmpv3 security, so you can do that as well. (I just do it the old way I know how, so I haven't played much with this.)
jerry
Current thread:
- it's here Alex Rubenstein (Feb 12)
- Re: it's here Sean Donelan (Feb 12)
- Re: it's here Valdis . Kletnieks (Feb 12)
- Re: it's here Eric Brandwine (Feb 12)
- Re: it's here Sean Donelan (Feb 12)
- Re: it's here Jon O . (Feb 12)
- Re: it's here Ron da Silva (Feb 13)
- Re: it's here Eric Brandwine (Feb 13)
- Re: it's here jerry scharf (Feb 13)
- Re: it's here jlewis (Feb 13)
- Re: it's here William Allen Simpson (Feb 13)
- Re: it's here Jared Mauch (Feb 13)
- Re: it's here Sean Donelan (Feb 12)
- Re: it's here Jesper Skriver (Feb 13)
- Re: it's here Eric Brandwine (Feb 13)
- Re: it's here kevin graham (Feb 13)
- Re: it's here Jesper Skriver (Feb 13)
- Re: it's here Jake Khuon (Feb 13)
- Re: it's here Steve Noble (Feb 13)
- RE: it's here Tony Hain (Feb 13)