DHCP or fixed IPs for servers ????

Stefan Held obi at unixkiste.org
Tue Sep 20 14:25:55 UTC 2011


On Monday, 19.09.2011, at 22:45 -0700, Craig White wrote:

> ----
> If you feel that adding a layer of shell script parsing and then
> manipulating a managed switch somehow secures a network schema that is
> insecure at its foundation is a reasonable implementation then we
> obviously disagree on the most basic level and any further discussion is
> rather pointless.

Sure, further discussion is pointless. 
It seems you have some reading to do:

* Cisco DHCP Snooping:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/snoodhcp.html

* Juniper DHCP Snooping:
http://www.juniper.net/techpubs/en_US/junos9.2/topics/concept/port-security-dhcp-snooping.html

* HP DHCP Snooping:
http://h40060.www4.hp.com/procurve/uk/en/pdfs/application-notes/AN-S12_ProCurve-DHCP-snooping-final.pdf

Doing it via shell script was done at a time when this option was not
available on those managed devices and implemented in a Nagios check
script.

> ----
> I think what we are talking about takes 30 seconds with vi/emacs (edit
> the network interface). Maybe you will do this once in the lifetime of a
> server. If there are enough servers to suggest that this is beyond a
> simple task, you should be using a comprehensive configuration
> management system such as puppet. Your entire premise is absurd at its
> core.

Sure, using something "like" puppet is normal in such environments. But
why on earth should I use it for IP address assignment?

But frankly, when did puppet become really stable? Last 3 Years?

I have managed networks of bigger size for over 20 years now. So please,
there is always a different way of doing things. Sometimes there are
policies to follow if you become eaten by companies, and things change.

And please stop your 3l33t behavior and tone. 

Thx and have a nice day.

-- 

Stefan Held                      VI has only 2 Modes:
obi unixkiste org                The first one is for beeping all the time,
FreeNode: foo_bar                the second destroys the text.
---------------------------------------------------------------------------
perl -e'map{print pack c,($|++?1:13)+ord,select$,,$,,$,,$|}split//,ESEL.$/'
---------------------------------------------------------------------------


