[45722] in North American Network Operators' Group
Re: it's here
daemon@ATHENA.MIT.EDU (Steve Noble)
Wed Feb 13 12:58:40 2002
Date: Wed, 13 Feb 2002 10:03:42 -0800
From: Steve Noble <snoble@sonn.com>
To: Jake Khuon <khuon@NEEBU.Net>
Cc: nanog@merit.edu
Message-ID: <20020213100342.K89852@tabby.sonn.com>
Mail-Followup-To: Jake Khuon <khuon@NEEBU.Net>, nanog@merit.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200202131750.g1DHoGGY008836@llama.wooj.com>; from khuon@NEEBU.Net on Wed, Feb 13, 2002 at 09:50:16AM -0800
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, Feb 13, 2002 at 09:50:16AM -0800, Jake Khuon wrote:
>
> EB> Without control plane seperation (and it's not possible with Cisco,
> EB> Juniper, or most other routers out there), management services are
> EB> listening on the public network, and that makes this very scary,
> EB> regardless of filtering policies, etc.
>
> Huh? Junipers have the fxp0 interface which can be used for management.
> You're just not supposed to route between the management fxp0 and your
> production interfaces.
As do Cisco GSR's.. on their e0 interface. Same difference. You can even
enable or disable CEF on it :)
--
-------------------------------------------------------------------------------
: Steven Noble / Network Janitor / Be free my soul and leave this world alone :
: My views = My views != The views of any of my past or present employers :
-------------------------------------------------------------------------------
