[c-nsp] Control-Plane Filters/ACLs

Mack McBride mack.mcbride at viawest.com
Fri Dec 3 12:16:06 EST 2010


There is no easy template for CoPP on Cisco.
Some things are processed in hardware, some are processed in software.
It is platform dependent.

Mack
Network Architect

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Bill Blackford
Sent: Friday, December 03, 2010 9:31 AM
To: 'cisco-nsp List'
Subject: [c-nsp] Control-Plane Filters/ACLs

Hello C-NSP members. I am looking for some good examples of "router-protect" ACLs or FW filters. On my "J" gear, I have several firewall filters designed to protect the control-plane that simply get applied to the loopback. Now only certain hosts/networks can make SSH, FTP, TCP179, etc., connections "to" the routers.

Are there some templates or examples I can find? I haven't played much with CoPP and don't hear a lot of accolades for doing this. The other obvious question would be "does this run in hardware or in software?". Hmm, doubt if the packet ASICs are processing ACL's.

Any help would be appreciated.

Thank you,

-b


--
Bill Blackford                     
Senior Network Engineer            
Technology Systems Group           
Northwest Regional ESD             

Logged into reality and abusing my sudo priviledges


_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list