> From: v6ops <v6ops-bounces@xxxxxxxx> On Behalf Of Christian Huitema ... > I am not so sure about 802.1x. The routers could of course support a setting > like that of the IETF network, and that would have some advantage over > WPA residential, but it would not address an important threat: local device > compromised by some virus and engaging in DHCP spoofing. DHCP guard or > RA guard would still be needed. 802.1X is very widely used in GPON and DSL networks and I haven't heard of it having any issues. I'm not understanding the reference to WPA and local devices, since I think we're talking about the WAN and not the LAN interface here? .......... > > On Jan 7, 2019, at 2:38 AM, JORDI PALET MARTINEZ ... > > Considering that, networks using DHCPv6, depending on their specific > > topologies, should consider using authentication mechanisms such as > > those based on IEEE-802.1X or access control mechanisms such as DHCP > > snooping, DHCP guard, or TR-069, among other possible choices. TR-069 is a management protocol (that goes over HTTP, using TLS for security), and not an access control mechanism. I suggest it be removed from this list. Barbara
