Am Montag, den 19.09.2011, 22:45 -0700 schrieb Craig White: > ---- > If you feel that adding a layer of shell script parsing and then > manipulating a managed switch somehow secures a network schema that is > insecure at its foundation is a reasonable implementation then we > obviously disagree on the most basic level and any further discussion is > rather pointless. Sure, further discussion is pointless. It seems you have some reading to do: * Ciso DHCP Snooping: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/snoodhcp.html * Juniper DHCP Snooping: http://www.juniper.net/techpubs/en_US/junos9.2/topics/concept/port-security-dhcp-snooping.html * HP DHCP Snooping: http://h40060.www4.hp.com/procurve/uk/en/pdfs/application-notes/AN-S12_ProCurve-DHCP-snooping-final.pdf Doing it via Shell Script was done at a time where this option was not availlable on those managed devices and implemented in a nagios check script. > ---- > I think what we are talking about takes 30 seconds with vi/emacs (edit > the network interface). Maybe you will do this once in the lifetime of a > server. If there are enough servers to suggest that this is beyond a > simple task, you should be using a comprehensive configuration > management system such as puppet. Your entire premise is absurd at its > core. Sure, using something "like" puppet is normal in such environments. But why on earth should i use it for ip adress assignment? But frankly, when did puppet become really stable? Last 3 Years? I have managed Networks in bigger size over 20 Years now. So please, there is allways a different way in doing things. Sometimes there are policies to follow if you become eaten by companies, and things change. And please stop your 3l33t behavior and tone. Thx and have a nice day. -- Stefan Held VI has only 2 Modes: obi unixkiste org The first one is for beeping all the time, FreeNode: foo_bar the second destroys the text. --------------------------------------------------------------------------- perl -e'map{print pack c,($|++?1:13)+ord,select$,,$,,$,,$|}split//,ESEL.$/' --------------------------------------------------------------------------- -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
