A system and a method for a first node in a communications network to authenticate a second node. The second node is connected by a communications link to a port of the first node. The method comprises setting a status that the second node is regarded as untrusted by the first node, so that the first node discards selected network management messages received over the communications link from the second node while it is regarded as untrusted. The method further comprises performing an authentication protocol with the second node by receiving at least one message from the second node over the communications link. Such message is discarded if it does not form part of the authentication protocol. The first node then treats the second node as trusted if the authentication protocol is successful, so that the selected network management messages received from the second node are no longer discarded.