[unisog] Are cisco router VLAN ACL's stateful like a PIX?

Russell Fulton r.fulton at auckland.ac.nz
Wed Feb 2 16:52:53 GMT 2005


On Wed, 2005-02-02 at 09:31 -0500, Michael Holstein wrote:
> > I'd dearly love to kill all MS network traffic on campus but I value my
> > life.
> 
> As would we all :) .. realistically though, the only things that really 
> need SMB/CIFS are:
> 
> 1) WINS servers
> 2) domain controllers
> 3) Exchange servers
> 4) Microsoft file servers
> 
> So just put the above together in a secure vlan(s) and set up ACLs 
> allowing clients to do their SMB/CIFS to it and nowhere else.
> 
> This has the added benefit of preventing folks from setting up their own 
> private little domains without getting permission.

Hmmmm... you must have a very controlled environment! We have small file
servers and folks using network shares all over the place :(

We are embarking on a project to partition the network into security
domains this year and I will bear this idea in mind.  We already have
faculty vlans and restricting MS traffic between them *may* be feasible.

Thanks for the thought!

Russell
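
The ACL approach quoted above, sketched as a Cisco IOS extended ACL. This is an added example, not configuration posted by anyone in the thread; the subnet 10.10.50.0/24 (secure server VLAN), the interface Vlan120 (a client VLAN) and the ACL name are constructed assumptions.

```cisco
! Added example. Constructed addressing (assumption):
!   10.10.50.0/24 = secure VLAN holding the WINS, DC, Exchange and file servers
!   Vlan120       = one client VLAN's routed interface
ip access-list extended CLIENT-SMB-IN
 remark SMB/CIFS and NetBIOS allowed to the server VLAN only
 permit tcp any 10.10.50.0 0.0.0.255 eq 445
 permit tcp any 10.10.50.0 0.0.0.255 eq 139
 permit udp any 10.10.50.0 0.0.0.255 eq netbios-ns
 permit udp any 10.10.50.0 0.0.0.255 eq netbios-dgm
 remark Same ports to any other destination are dropped and logged
 deny   tcp any any eq 445 log
 deny   tcp any any eq 139 log
 deny   udp any any range 137 138 log
 remark All other traffic is outside the scope of this policy
 permit ip any any
!
! Applied inbound, so it filters what clients initiate toward the router.
! A plain extended ACL evaluates each packet on its own; it keeps no
! connection state, so replies from the servers are not tracked here.
interface Vlan120
 ip access-group CLIENT-SMB-IN in
```

The `log` keyword on the deny entries gives a record of hosts still trying to reach shares outside the server VLAN, which helps find the scattered small file servers before the deny lines are enforced campus-wide.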