|
HP OpenVMS Systemsask the wizard |
|
The Question is: DECnet MAC Addresses and Cisco port security We want to enable port security on out Cisco Routers. This feature disables a port if more than one Ethernet source address is seen on a given port. DECnet changes the NIC's MAC address during boot, apparently before transmitting anything. Does DECnet, IP or LAT in any circumstance ever send packets with the Ethernet source address set to the "Hardware address" (08-00-2B... and the like), and not the DECnet based "MAC address" (AA-00-04-00-xx-xx)? It appears not (except for machines that MOP boot), but I would like to know for sure before enabling port security. Any packet transmitted with a different source Ethernet address will cause the port to shut down. Regards, Phil Tregoning The Answer is : Existing OpenVMS networking protocols do use unique source addresses. For instance, an OpenVMS Cluster configuration will transmit and will use a special source address independent of the hardware address. The OpenVMS Wizard would thus not assume that there would be only one source IEEE 802.3 address eminating from an OpenVMS host; you may now be unable to successfully enable this option and/or you may well encounter future problems with this option if/when future changes are made to OpenVMS and its networking or when you enable specific options. (And such filtering would be difficult to locate.) The OpenVMS Wizard cannot recommend placing protocol or address filters among the hosts of an OpenVMS Cluster, for instance -- an OpenVMS Cluster is considered a single security domain, and the installation of filters within such configurations could result in instabilities and/or in potentially difficult-to-diagnose operational networking problems.
|