[c-nsp] Control-Plane Filters/ACLs
Bill Blackford
BBlackford at nwresd.k12.or.us
Fri Dec 3 11:30:53 EST 2010
Hello C-NSP members. I am looking for some good examples of "router-protect" ACLs or FW filters. On my "J" gear, I have several firewall filters designed to protect the control-plane that simply get applied to the loopback. Now only certain hosts/networks can make SSH, FTP, TCP179, etc., connections "to" the routers.
Are there some templates or examples I can find? I haven't played much with CoPP and don't hear a lot of accolades for doing this. The other obvious question would be "does this run in hardware or in software?". Hmm, doubt if the packet ASICs are processing ACL's.
Any help would be appreciated.
Thank you,
-b
--
Bill Blackford
Senior Network Engineer
Technology Systems Group
Northwest Regional ESD
Logged into reality and abusing my sudo priviledges
More information about the cisco-nsp
mailing list