[unisog] Are cisco router VLAN ACL's stateful like a PIX?
jtk at northwestern.edu
Tue Feb 1 21:26:55 GMT 2005
On Tue, 1 Feb 2005 15:52:57 -0500
"BACHAND, Dave (Info. Tech. Services)" <BachandD at easternct.edu> wrote:
> OK, you got my curiosity up. We *DO* selectively block ICMP within the
> LAN due to its abuse by all manner of viruses etc. In practice, we allow
> all protocols between the user(s) VLAN(s) and server VLAN(s). We block
> ICMP between user VLANs. So far it has pretty effectively stopped RPC
> type viruses from flying around the network.
Blocking ICMP between VLANs has stopped RPC viruses, that's a pretty
neat trick. You must have your voodoo filters turned up to 'more magic'.