[c-nsp] Two access-list questions..for Internet router
Higham, Josh
jhigham at epri.com
Tue Jan 22 13:10:14 EST 2008
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of jacob c
> Sent: Tuesday, January 22, 2008 8:46 AM
>
> 1) Does anyone see any issue with ONLY allowing 1.1.1.65
> /27 range into my network since that is my only Public IP Range?
Make sure that you include your interface IP (if you have a routed
block), but I think that's a pretty common configuration.
> 2) Is it best practice (performance-wise) to put my
> hardened access-list which includes the statment above on the
> s0/2 interface for the gigabit ethernet interface?
Put it on S0/2; drop the traffic as early as you can.
To the other poster regarding the 1.1.1.x addresses; I think that was
just an attempt to keep the question generic.
Thanks,
Josh
More information about the cisco-nsp
mailing list