Richard L. Hamilton writes: > For a few of those, if I dealt with them, I'd probably prefer to do so at > the level of that protocol, possibly statefully, rather than at the MAC > level.
Certainly; yes. It would be useful to handle those at least symbolically (in some higher-level protocol sensitive manner) rather than writing out bytes and masks in the filter, if not statefully. However, the reason I've seen to filter non-IP protocols at the MAC level is when dealing with bridging and "weird" proprietary protocols (such as CDP) that can waste expensive WAN bandwidth if you don't filter them away. You don't need to know much about the protocol to do that; just the Ethertype and/or some well-known MAC multicast addresses. -- James Carlson, Solaris Networking <[EMAIL PROTECTED]> Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677 _______________________________________________ networking-discuss mailing list [email protected]
