North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Land and Cisco question
I'm sorry - but the Right Thing (tm) to do is to ingress filter, as I have already evangelized. Like it or not. - paul At 08:13 PM 11/22/97 +0000, Alex Bligh wrote: >Um, if your concentrator router has one interface per L/L customer (or >one subinterface per customer), you *do* need to add another line to >the extended ACL for each new subinterface added, which looks like > >access-list 164 deny ip n.n.n.n 0.0.0.0 n.n.n.n 0.0.0.0 > >where n.n.n.n is the ip address of the new subinterface on the >concentrator router, because the ACL has one line per (sub)interface >on the router. > >However many of us (I think) don't run with a new subinterface for >each new customer, and a still easier fix is to upgrade to one of >the non-vulnerable IOS versions (there being at least one for >each of 10.3, 11.0, 11.1 & 11.2). > >-- >Alex Bligh >GX Networks (formerly Xara Networks) > > > >
|