North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: What were we saying about edge filtering?
> > Sean Donelan wrote: > > > > It gets even worse. Cisco has hard-coded the list of > > Bogons into some of its latest low-end IOS versions as > > part of its "auto-secure" feature. Yes, Cisco includes > > warnings in the manual the user should check the official > > list at IANA; but I also know the power of defaults. > > People upgrade their IOS versions even less often then > > they update their Windows boxes. So we're going to see > > chunks of the net blocked depending on the release date > > of versions of IOS. > > Adam Debus wrote: > > Do you have a reference page as to what > platforms/releases/release trains that is being applied to? > > Seems like it might be a handy list to have bookmarked. :) Per http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_feature_ guide09186a008017d101.html, it was introduced in 12.3 mainline. It's anyone's guess where it will end up from there but note that it's already in a service provider train (12.2(18)S). So we may (or probably will?) end up with ISP's using the bogon-list feature as well. If one upgrades from version A of Autosecure-enabled IOS to version B of Autosecure-enabled IOS, will the bogon-list ACLs in the device's configuration be automatically updated? Or will the user have to disable and then re-enable Autosecure? Is this progress? Or is this something that "seemed like a good idea at the time"? -Terry
|