nanog mailing list archives

Re: fs.com Ethernet switches


From: Chris Adams <cma () cmadams net>
Date: Thu, 14 Apr 2022 08:55:27 -0500

Once upon a time, Richard Angeletti <reno () psc edu> said:
> Wondering if anyone on the list has any experiences with fs.com Ethernet
> switches that they are willing to share (good or bad)?
>
> We're looking for some cost effective L2 only 10Gb-T switches and their
> S58XX switches have come up as a potential option.

I set up a couple of S5850s for a server cluster recently, with MC-LAG
and a bit of L3 for a management network.  They worked fine.

The only issue I had was getting ACLs applied to limit device and
management net access; they had a couple of extra steps needed.  The
typical IOS-ish "ip access-group" command is accepted on an interface,
but it doesn't actually work that way - you have to do a policy-map that
references a class-map that references an access-list, and then apply
the policy-map to the interface.

Also, putting an ACL on "line vty" only applied after authentication (so
you could SSH and authenticate, only to then be denied access, which
makes it susceptible to password scanners).  Instead you configure an
ACL on the SSH service itself.

-- 
Chris Adams <cma () cmadams net>
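
An added example, not part of the original message: a way to check whether a management ACL is enforced before or after authentication, as described above. Run it from a host the ACL is meant to deny; the function name, verdict strings and timeout are assumptions of this sketch.

```python
import socket
import sys

def probe_ssh_exposure(host, port=22, timeout=3.0):
    """Report what a source that should be denied can see on the SSH port.

    Returns (verdict, detail). "blocked" means the connection never reached
    an SSH banner; "exposed" means the daemon answered and would go on to
    accept authentication attempts; "inconclusive" means TCP connected but
    nothing was sent before the timeout.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("blocked", "connection refused")
    except (socket.timeout, TimeoutError):
        return ("blocked", "connect timed out")
    except OSError as exc:
        return ("blocked", f"unreachable: {exc}")
    with sock:
        sock.settimeout(timeout)
        try:
            # An SSH server sends its identification string first (RFC 4253).
            data = sock.recv(255)
        except (socket.timeout, TimeoutError):
            return ("inconclusive", "TCP connected, no banner before timeout")
        except ConnectionResetError:
            return ("blocked", "connection reset before banner")
    if not data:
        return ("blocked", "closed before banner")
    banner = data.split(b"\n", 1)[0].strip().decode("ascii", "replace")
    if banner.startswith("SSH-"):
        return ("exposed", banner)
    return ("inconclusive", f"non-SSH data: {banner!r}")

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("usage: probe.py <switch-mgmt-address> [port]")
    else:
        target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
        verdict, detail = probe_ssh_exposure(sys.argv[1], target_port)
        print(f"{sys.argv[1]}:{target_port} {verdict} ({detail})")
```

An "exposed" result from a denied source means the filter is only taking effect after login, which is the "line vty" behaviour described in the message.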

