Aaron's Worthless Words

Sign in Subscribe

acls

Using MAC Access-lists

We ran into this today, and, though I knew it existed, I never actually saw it in the wild. I’m talking about MAC access-lists. In the example setup, we have a DMZ off of a firewall that contains a whole mess of servers — email, web, ftp, etc. These should

ACLs and HSRP, BGP, OSPF, VRRP, GLBP...

Here’s a handy list of ACL entries to allow your devices to speak routing protocols, availability protocols, and some other stuff. We’ll assume you have ACL 101 applied to your Ethernet inbound; your Ethernet has an IP of 192.168.0.1. * BGP : Runs on TCP/179 between

Commenting Access-lists

There’s a very-overlooked feature of access-lists — the remark. Yes, this is very basic, but it’s worth mentioning, as it has saved me anguish time and time again. I use remarks to document each line of an ACL (on IOS, PIX, FWSM, ASA, etc.) so that when I go