[unisog] Are cisco router VLAN ACL's stateful like a PIX?
r.fulton at auckland.ac.nz
Wed Feb 2 16:52:53 GMT 2005
On Wed, 2005-02-02 at 09:31 -0500, Michael Holstein wrote:
> > I'd dearly love to kill all MS network traffic on campus but I value my
> > life.
> As would us all :) .. realistically though, the only thing that really
> needs SMB/CIFS are :
> 1) wins servers
> 2) domain controllers
> 3) exchange servers
> 4) Microsoft file servers
> So just put the above together in a secure vlan(s) and setup ACLs
> allowing clients to do their SMB/CIFS to it and nowhere else.
> This has the added benefit of preventing folks from setting up their own
> private little domains without getting permission.
Hmmmm... you must have a very controlled environment! We have small file
servers and folks using network shares all over the place :(
We are embarking on a project to partition the network into security
domains this year and I will bare this idea in mind. We already have
faculty vlans and restricting MS traffic between them *may* be feasible.
Thanks for the thought!
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2201 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20050203/0b30b859/smime-0002.bin
More information about the unisog