Question

First Hop/L2 Security

  • 10 August 2018
  • 1 reply
  • 231 views

Hello,

are there any plans to bring first hop and layer 2 security to CL within the next year?
We are really pleased with CL and would like to utilize it at the edge of our campus network.

We are looking for the following features:
  • MAC address restriction on the port
  • DHCP snooping (IPv4/6)
  • Dynamic ARP Inspection
  • DHCP Guard
  • RA Guard
  • Storm Control

1 reply

Userlevel 4
Hello,
Hi @Tobi As we support some of these items, but not others. Information inline...


are there any plans to bring first hop and layer 2 security to CL within the next year?
We are really pleased with CL and would like to utilize it at the edge of our campus network.

We are looking for the following features:
  • MAC address restriction on the port


This depends upon what you mean here. We support 802.1x interfaces for MAC authentication bypass, or you can use ACLs for specific MACs on a port. But if you mean limiting the number of MACs on a port, then we don't support that yet.

  • DHCP snooping (IPv4/6)

This is on our roadmap but I can't give you an exact date for when we'll support it.

  • Dynamic ARP Inspection

This is on our roadmap but I can't give you an exact date for when we'll support it.

  • DHCP Guard

We don't support this yet.

  • RA Guard

We don't support this yet.

  • Storm Control


We already support this: https://docs.cumulusnetworks.com/display/DOCS/Spanning+Tree+and+Rapid+Spanning+Tree#SpanningTreeandRapidSpanningTree-StormControl

Reply