Subject: Re: Changing mac address?
To: None <jchacon@genuity.net>
From: John Darrow <John.P.Darrow@wheaton.edu>
List: port-sparc
Date: 10/30/2000 00:55:24

This is really getting off-topic for port-sparc (or any netbsd list for that
matter), but having used Cabletron's Securefast VLAN system for a few years,
I beg to differ with some of the characterizations given in the previous
messages.

First, if you really don't like the Securefast stuff, you can always _turn
it off_.  Every Cabletron switch, either by a setting in a given firmware,
or by loading a different firmware, can operate instead in traditional
802.1q mode, giving you your "expected" behavior.

However, Securefast adds one thing I've _never_ seen in any other VLAN
implementation - a _useful_ user mobility capability.  It uses the layer 2
address, which (despite standards saying it doesn't have to be) is globally
unique for basically anything _other_ than sparcs (thank/blame the card
manufacturers for this), as one of the possible identifiers for a station's
VLAN memberships, instead of being limited to only using ports as
identifiers.  This allows an end station to be plugged in _anywhere_ in the
switched network, and still retain the _same VLAN memberships and privileges,
and associated data_.  You can take your laptop from your desk and plug it in
somewhere across the building and still be part of the same logical network
segment, using the same IP address, routing data, etc.  Nothing else I have
seen, even the proposed experimental 802.1x extensions, comes anywhere close
to this for mobility.

As a side note, you _can_ set the VLAN manager to "allow duplicates" for a
given MAC address.  I don't pretend to know all the little caveats involved
in doing so, because generally, and especially given that, for example, the
MAC address space is _five orders of magnitude bigger_ than the IP address
space, it _just doesn't make sense to have multiple interfaces have the same
MAC address._  The manufacturers have gone to so much trouble to give every
card its own address - why waste it?

jdarrow

-- 
John Darrow - Senior Technical Specialist               Office: 630/752-5201
Computing Services, Wheaton College, Wheaton, IL 60187  Fax:    630/752-5968
Alphapage: 6303160707@alphapage.airtouch.com            Pager:  630/316-0707
Email:     John.P.Darrow@wheaton.edu

<jchacon@genuity.net> wrote:
>Basically they aren't compliant and when we had engineers onsite they simply
>tried to claim the Sun using 1 MAC on all interfaces was wrong and we should
>fix that.
>
>Standards? Not important.. :-)
>
>James
>
>>
>>On Sat, Oct 28, 2000 at 04:48:49PM -0400, jchacon@genuity.net wrote:
>>> Certain broken network switches (Cabletrons come to mind running Securefast)
>>> ignore the spec that a machine connected to different logical networks
>>> can use 1 MAC.
>>> 
>>> The Cabletrons use the MAC as the key for switching traffic and ignore the
>>> vlan information for the ports. So what ends up happening is it round-robins
>>> packets (and you see horrible packet loss) and packets on either network
>>> appear on the other.
>>> 
>>> That's one application I've had to change MACs before since I couldn't get
>>> the switches changed out and Cabletron was convinced that a host returning
>>> 1 MAC for all cards was wrong. (Who cares about standards....)
>>
>>How could such hardware work in an 802.1q environment then?
>>Not to mention that then you could have one machine talk to the machine
>>of another VLAN just by knowing its MAC addr ...
>>
>>--
>>Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
>
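
Added example (not part of the original message, and not Cabletron or NetBSD code): a simplified model of the behaviour described in the quoted text, comparing a forwarding table keyed on MAC alone with one keyed on (VLAN, MAC) when a multi-homed host presents one MAC on two VLANs. The addresses, port numbers, frame sequence and function names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: one multi-homed host using a single MAC on both NICs,
# attached to port 1 / VLAN 10 and port 2 / VLAN 20, plus one ordinary host.
SUN_MAC = "08:00:20:aa:bb:cc"   # constructed address
FRAMES = [  # (ingress_port, vlan, source_mac) in arrival order
    (1, 10, SUN_MAC), (2, 20, SUN_MAC), (3, 10, "00:00:1d:11:22:33"),
    (1, 10, SUN_MAC), (2, 20, SUN_MAC), (1, 10, SUN_MAC),
]

def learn(frames, key_on_vlan):
    """Build a forwarding table from source addresses and count MAC moves.

    key_on_vlan=False models a table keyed on MAC alone (the behaviour the
    thread describes); True models independent per-VLAN learning.
    """
    table, moves = {}, defaultdict(int)
    for port, vlan, mac in frames:
        key = (vlan, mac) if key_on_vlan else mac
        if key in table and table[key] != port:
            moves[mac] += 1          # entry flapped to a different port
        table[key] = port
    return table, dict(moves)

def egress_port(table, vlan, dst_mac, key_on_vlan):
    """Port a frame for dst_mac on this VLAN is sent to, or None (flood)."""
    return table.get((vlan, dst_mac) if key_on_vlan else dst_mac)

def flapping_macs(moves, threshold=2):
    """Operator check: MACs whose entry moved ports at least threshold times."""
    return sorted(m for m, n in moves.items() if n >= threshold)

if __name__ == "__main__":
    for mode in (False, True):
        table, moves = learn(FRAMES, mode)
        print("per-VLAN" if mode else "MAC-only", moves,
              "VLAN 10 ->", egress_port(table, 10, SUN_MAC, mode),
              "VLAN 20 ->", egress_port(table, 20, SUN_MAC, mode))
```

With the MAC-only table the host's entry keeps moving between ports 1 and 2, so traffic for its VLAN 20 interface can be delivered to the VLAN 10 port; the per-VLAN table records no moves.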