Land and Cisco question
Paul Ferguson
ferguson at cisco.com
Sat Nov 22 21:06:48 UTC 1997
I'm sorry - but the Right Thing (tm) to do is to
ingress filter, as I have already evangelized.
Like it or not.
- paul
At 08:13 PM 11/22/97 +0000, Alex Bligh wrote:
>Um, if your concentrator router has one interface per L/L customer (or
>one subinterface per customer), you *do* need to add another line to
>the extended ACL for each new subinterface added, which looks like
>
>access-list 164 deny ip n.n.n.n 0.0.0.0 n.n.n.n 0.0.0.0
>
>where n.n.n.n is the ip address of the new subinterface on the
>concentrator router, because the ACL has one line per (sub)interface
>on the router.
>
>However many of us (I think) don't run with a new subinterface for
>each new customer, and a still easier fix is to upgrade to one of
>the non-vulnerable IOS versions (there being at least one for
>each of 10.3, 11.0, 11.1 & 11.2).
>
>--
>Alex Bligh
>GX Networks (formerly Xara Networks)
>
>
>
>
More information about the NANOG
mailing list