Customer-facing ACLs
Adrian Chadd
adrian at creative.net.au
Tue Mar 11 04:18:23 UTC 2008
I've attempted to summarise the replies I found useful in the Wiki:
http://nanog.cluepon.net/index.php/MailTopics#Customer-Facing_ACLs
My personal observations:
* More information about what networks are doing would be nice!
* More data points about probes/scans/etc would be nice!
* Filtering technologies would be nice for ACLs - not shaping of things
like BT/YT/etc - stuff like how to deploy per-customer ACLs on
a variety of tech. I know I've used ACLs in Radius AV pairs in a
SP environment for DSL aggregation; I've also used similar hackery
in 802.1x for per-port ethernet ACLs in an Enterprise environment.
Has anyone rolled out 802.1x style port authentication in a ethernet-
edge scenario and included ACLs/shaping AV-pairs? Experience/Feedback
would be great.
Constructive comments appreciated.
Adrian
More information about the NANOG
mailing list