[unisog] Are cisco router VLAN ACL's stateful like a PIX?

Clark Gaylord cgaylord at vt.edu
Tue Feb 1 18:50:26 GMT 2005

BACHAND, Dave (Info. Tech. Services) wrote:

>I suggest using a two tiered approach.  Use simple ACLs on the routers
>for what they are good at, short, broad swipes at control.  IE- no ICMP,
>access to only certain subnets, etc with short ACLs.  Then do more in

yeah, except that "no ICMP" is about the worst thing you can do.  other 
than that, right on!

just what part of "Internet Protocol" makes you think you don't want 
"Internet Control Message Protocol"?

[even the lame "but then they won't find me with my head in the sand" 
arguments are vacuous nowadays.]

