[ixpmanager] update-l2database.pl not updating database

Barry O'Donovan barry.odonovan at inex.ie
Thu Sep 26 08:03:39 IST 2013



On 26/09/13 05:28, Brian Thompson wrote:
> Agreed, we limit MAC addresses per port.  If we see excessive entries,
> the port gets disabled for 5 mins.

Yes, port security is pretty much SOP for exchanges but we (INEX) and
LONAP are looking at hard-coding member MACs to their ports for
additional security. At INEX we've seen a very nasty failure mode with
standard port security.

Hardcoding the MACs will also require some additional backend scripting 
to program and update the L2 access lists on the switches - probably 
just a bit of RANCID scripting; although we could also look at SNMP set 
if it was something that was supported.

  - Barry

>
> We would like this feature to work so members and operators can see
> which MAC addresses are on which port.
>
>
> *Brian Thompson*
> Senior Infrastructure Engineer // Senior Second Guesser
>
> Direct: 503.943.6779
> Mobile: 503.707.9018 // Twitter: iovation
> *www.iovation.com <http://www.iovation.com/>*
>
>
>
> On Wed, Sep 25, 2013 at 3:25 PM, Rob Lister <rob at lonap.net> wrote:
>
>     Would definitely be good to use this a bit more, perhaps in
>     combination with the ARP table etc, so that members can see the
>     current MAC we learn on their port.
>
>     We would also like to change our port security strategy soon, and
>     ideally to allow members to see and change the permitted MAC address
>     on their port, as well as the reverse DNS.
>
>     Obviously some back-end scripting required here.
>
>     Is there a list of variables available in the skins, or is it easy
>     to figure this out?
>
>
>
>     Rob
>
>
>     --
>     Robert Lister
>
>     On 25 Sep 2013, at 19:44, Barry O'Donovan <barry.odonovan at inex.ie> wrote:
>
>      > On 25/09/13 19:05, Brian Thompson wrote:
>      >> This definitely seems to be the issue.
>      >
>      > No, this is a red herring.
>      >
>      > The switchport database contains the physical MAC address of the
>     switch port - we don't use it for anything (yet, if ever).
>      >
>      > This has nothing whatsoever to do with the l2database.pl
>     script.
>      >
>      > - Barry
>     _______________________________________________
>     INEX IXP Manager mailing list
>     ixpmanager at inex.ie
>     https://www.inex.ie/mailman/listinfo/ixpmanager
>
>
>
>

-- 


Kind regards,
Barry O'Donovan
INEX Operations

We're IPv6 Ready. Are you? http://www.ipv6ready.ie/

Mob: +353 86 801 7669
Tel: +353  1 685 4220
SIP: barry at opensolutions.ie
Fax: +353  1 685 4263

+-------------------------------+-------------------------------------+
| Open Source Solutions Ltd.    | INEX Operations Team                |
| Lynx House Old Church Road,   | Internet Neutral Exchange           |
| Lower Kilmacud Road,          | Association, 4027 Kingswood Road,   |
| Stillorgan, Co Dublin.        | Citywest Business Campus, Dublin 24 |
| http://www.opensolutions.ie/  | http://www.inex.ie/                 |
+-------------------------------+-------------------------------------+




