[c-nsp] Control-Plane Filters/ACLs
Devon True
devon at noved.org
Fri Dec 3 12:23:15 EST 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Bill,
> Hello C-NSP members. I am looking for some good examples of
> "router-protect" ACLs or FW filters. On my "J" gear, I have several
> firewall filters designed to protect the control-plane that simply
> get applied to the loopback. Now only certain hosts/networks can make
> SSH, FTP, TCP179, etc., connections "to" the routers.
>
> Are there some templates or examples I can find? I haven't played
> much with CoPP and don't hear a lot of accolades for doing this. The
> other obvious question would be "does this run in hardware or in
> software?". Hmm, doubt if the packet ASICs are processing ACL's.
>
> Any help would be appreciated.
A quick search for "cisco copp" will turn-up several links from Cisco
about copp with examples. An older link with good beginning information
is http://aharp.ittns.northwestern.edu/papers/copp.html.
What platform are you deploying copp on? There may be caveats with
specific pieces of hardware/software.
- --
Devon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkz5J4IACgkQWP2WrBTHBS80oACgw4K7mHU7oK21hcD5ek1I9Etu
c+gAoNaE8bvcM0avXIONCGHB7XZOnKOA
=xbSQ
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list