[c-nsp] "Compressed" IPv6 ACLs on Cat6500

Benny Amorsen benny+usenet at amorsen.dk
Sun Dec 12 08:14:39 EST 2010


Mack McBride <mack.mcbride at viawest.com> writes:

> Correct, The security posture is more important.
> General consensus is that a subnet is a /64.
> More specifics should be used to reduce exposure to attacks.
> Links for example are generally assigned as /126 or /127.

It can be an advantage to reserve a /64 to every link in your
provisioning databases but then use the first /127 in the actual router
configuration. That way you can still filter on /64.


/Benny



More information about the cisco-nsp mailing list