[unisog] Are cisco router VLAN ACL's stateful like a PIX?

John Kristoff jtk at northwestern.edu
Tue Feb 1 21:26:55 GMT 2005


On Tue, 1 Feb 2005 15:52:57 -0500
"BACHAND, Dave (Info. Tech. Services)" <BachandD at easternct.edu> wrote:

> OK, you got my curiosity up.  We *DO* selectively block ICMP within the
> LAN due to its abuse by all manner of viruses etc.  In practice, we allow
> all protocols between the user(s) VLAN(s) and server VLAN(s).  We block
> ICMP between user VLANs.  So far it has pretty effectively stopped RPC
> type viruses from flying around the network.

Blocking ICMP between VLANs has stopped RPC viruses, that's a pretty
neat trick.  You must have your voodoo filters turned up to 'more magic'.

John


