List:       foundry-nsp
Subject:    [f-nsp] Comment and ACL Question
From:       Craig Bernstein <foundry-nsp () cbernstein ! com>
Date:       2002-08-24 2:34:30

On Mon, 05 Aug 2002, Marshall Eisenberg wrote:

> Andrew,
> A couple of suggestions:
>
> a) Please contact your sales team and ask to speak with the system engineer
> b) If you cannot reach your sales team, please contact tech support
> (support@foundrynet.com)

Before I pose my question, I wanted to comment on Marshall's reply to
Andrew.  In several recent threads, Marshall has replied something to the
effect of "Do you have a contract? -- Call your AM/SE/the TAC."  I would
like to suggest that most mailing list users knew that route already, and
chose to ask their question here anyway.

This could be because they don't have a contract, aren't getting a
satisfactory answer from Foundry, or just prefer to interact in this type
of forum.  One of the huge benefits of a mailing list is that the
questions and answers are shared with many interested parties, both
resulting in a ">=2 heads are better than 1"  effect and teaching everyone
something in the process.  (I will now avoid getting started on Foundry
support's own lack of a user accessible knowledge base.)

If a list member would like to use his position at Foundry to research
these issues and contribute to that process, then I think it is great.
If they don't want to/don't have time/it is against company
policy/whatever that is fine too, but I don't think it is necessary to
refer every question to the TAC.

That is just my personal opinion, and I hope it doesn't read like a flame.
One of my main disappointments with regard to Foundry has been the lack of
a 'dynamic user community' to borrow Don's words.  Foundry representatives
on a list like this one should encourage dialogue, not stifle it!

---

So my question is this -- I am trying to prevent users on my network from
accidentally or intentionally bringing up 'rogue' DHCP servers.  It is
trivial to do this with an ACL.  However, on a FastIron 1500 (JetCore,
v7.5.05A) with several hundred ports, I can not figure out a way to apply
the ACL across multiple ports.  It appears this actually requires adding
the ACL to each interface, adding 600 or so lines to the config on each
switch.  This seems ... inefficient.

Am I missing something here?  Is there a better way?  Essentially what I
need is the equivalent of a Cisco Catalyst VACL, but I can not find it.

I am also interested in generally discussing others' experiences with
Foundry (the products and the company) and helping out where I can if
anyone else has questions.  They sold nearly $300 million worth of these
things in the last twelve months; there must be some administrators out
there somewhere!

-- 
...Craig
