[e-nsp] Good advice on Access Control Lists on ExtremeWare

root net rootnet08 at gmail.com
Mon Apr 21 10:45:41 EDT 2014


Hello,

Anyone have good advice on using ACLs on ExtremeWare, namely the BD 6808
MSM64i. I know it's old but have one left and never had ACLs on it just
used Cisco's around it. Now would like to put some security on it directly
as we plan to upgrade end of this year or next to ExtremeXOS supported gear.

Would like to accomplish:

1. BCP38
2. Block couple ports switch wide
3. Limit telnet/ssh to switch on all IPs assigned. (With Cisco this is easy)

For example with #3 if you have layer 3 VLANs now every gateway IP has
access to switch via telnet/ssh. With Cisco you could apply ACL to VTY and
it's done.

For example with #2 block tcp/udp 135,137,138.139.445.

For example with #1 prevent spoofing, and etc on ingress and egress.

Also, it would be helpful if someone couple provide an example or provide
links to good resources.
I've read the reference command guide but not sure I understand correctly.

Thanks,

Any advice is appreciate for sure!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/extreme-nsp/attachments/20140421/12212996/attachment.html>


More information about the extreme-nsp mailing list