Customer-facing ACLs

Adrian Chadd adrian at creative.net.au
Tue Mar 11 04:18:23 UTC 2008


I've attempted to summarise the replies I found useful in the Wiki:

http://nanog.cluepon.net/index.php/MailTopics#Customer-Facing_ACLs

My personal observations:

* More information about what networks are doing would be nice!
* More data points about probes/scans/etc would be nice!
* Filtering technologies would be nice for ACLs - not shaping of things
  like BT/YT/etc - stuff like how to deploy per-customer ACLs on
  a variety of tech. I know I've used ACLs in Radius AV pairs in a
  SP environment for DSL aggregation; I've also used similar hackery
  in 802.1x for per-port ethernet ACLs in an Enterprise environment.
  Has anyone rolled out 802.1x style port authentication in a ethernet-
  edge scenario and included ACLs/shaping AV-pairs? Experience/Feedback
  would be great.

Constructive comments appreciated.




Adrian




More information about the NANOG mailing list