Re: The best place to put the access lists
The best place for ACLs is at the access layer. You want to deny or permit packets at the outer-most level you have control of. If you wait for their packets to get into the core of your network, then you have already compromised your network's security. If you do it at the router that your customer connects to, you can deny things like routing protocols and subnets that need not penetrate your network.

The best solution for security is a firewall. If security is a mission critical application, a PIX should be used instead of ACLs.

Kelly D Griffin, CCNA, CCDA
Network Engineer
Kg2 Network Design
http://www.kg2.com

----- Original Message -----
From: "Piatnitchi Cristian" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, February 07, 2001 9:59 AM
Subject: The best place to put the access lists

Hi all

I need some advice. I have to choose between setting up ACLs on the router and setting up ACLs on the servers' switch. Which one is the best solution and why?

Thanks in advance
Cristian Piatnitchi

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
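The edge filtering described in the message above, sketched as a Cisco IOS inbound ACL on the customer-facing interface. This is an added example, not configuration from the thread; the ACL name, the interface `Serial0/0`, the 192.0.2.0/24 customer prefix and the assumption that the customer is statically routed are all constructed for illustration.

```cisco
! Constructed example: ACL name, interface and customer prefix are assumptions,
! not values taken from the thread.
ip access-list extended CUSTOMER-EDGE-IN
 remark -- routing protocols should not arrive from a statically routed customer
 deny   ospf any any
 deny   eigrp any any
 deny   udp any any eq rip
 deny   tcp any any eq bgp
 remark -- source ranges that need not enter the network from this link
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 remark -- only the customer's assigned prefix may source traffic
 permit ip 192.0.2.0 0.0.0.255 any
 remark -- explicit final deny so drops are counted and logged
 deny   ip any any log
!
interface Serial0/0
 description Link to customer (assumed interface)
 ip access-group CUSTOMER-EDGE-IN in
```

The per-range deny entries are redundant with the final deny but give separate hit counters, which `show access-lists CUSTOMER-EDGE-IN` displays per entry.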
Re: The best place to put the access lists
> Hi all
>
> I need some advice. I have to choose between setting up ACLs on the router and setting up ACLs on the servers' switch. Which one is the best solution and why?
>
> Thanks in advance
> Cristian Piatnitchi

What is the problem you are trying to solve?

What is the purpose of the access lists?

Is there one router and one switch, or are there multiple points where the lists need to be maintained?

How much CPU power is available on the router and switch, respectively? Would access lists significantly affect the forwarding paths on either device?
Re: The best place to put the access lists
I agree that access lists should be placed at the access layer. However, I'd argue that a firewall is a minimum component of security, not a best solution for security. Those companies that depend solely on a firewall for security could be in for a rude awakening.

Additionally, if security is mission critical, a PIX wouldn't be my recommendation. It's decent at what it does, but lacks the ability to truly interrogate the network traffic.

Craig

At 10:16 AM 2/7/2001 -0600, you wrote:
> The best place for ACLs is at the access layer. You want to deny or permit packets at the outer-most level you have control of. If you wait for their packets to get into the core of your network, then you have already compromised your network's security. If you do it at the router that your customer connects to, you can deny things like routing protocols and subnets that need not penetrate your network.
>
> The best solution for security is a firewall. If security is a mission critical application, a PIX should be used instead of ACLs.
>
> Kelly D Griffin, CCNA, CCDA
> Network Engineer
> Kg2 Network Design
> http://www.kg2.com
>
> ----- Original Message -----
> From: "Piatnitchi Cristian" [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Sent: Wednesday, February 07, 2001 9:59 AM
> Subject: The best place to put the access lists
>
> Hi all
>
> I need some advice. I have to choose between setting up ACLs on the router and setting up ACLs on the servers' switch. Which one is the best solution and why?
>
> Thanks in advance
> Cristian Piatnitchi
RE: The best place to put the access lists
Hi all

1. What is the problem you are trying to solve?

VPN software will be installed between my access router and the main servers. My access router uses TACACS+ for authentication.

2. What is the purpose of the access lists?

I defined some access lists there for access to our servers.

3. Is there one router and one switch, or are there multiple points where the lists need to be maintained?

To simplify the problem, I could say that there is one interesting switch and one network access server. My problem is whether I should keep the ACLs on the access server or move them to the switch.

4. How much CPU power is available on the router and switch, respectively? Would access lists significantly affect the forwarding paths on either device?

The NAS is a C3640 and the switch could be a C2928XL.

Thanks for your previous answers