North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Customer-facing ACLs

  • From: Adrian Chadd
  • Date: Tue Mar 11 00:11:20 2008

I've attempted to summarise the replies I found useful in the Wiki:

http://nanog.cluepon.net/index.php/MailTopics#Customer-Facing_ACLs

My personal observations:

* More information about what networks are doing would be nice!
* More data points about probes/scans/etc would be nice!
* Filtering technologies would be nice for ACLs - not shaping of things
  like BT/YT/etc - stuff like how to deploy per-customer ACLs on
  a variety of tech. I know I've used ACLs in Radius AV pairs in a
  SP environment for DSL aggregation; I've also used similar hackery
  in 802.1x for per-port ethernet ACLs in an Enterprise environment.
  Has anyone rolled out 802.1x style port authentication in a ethernet-
  edge scenario and included ACLs/shaping AV-pairs? Experience/Feedback
  would be great.

Constructive comments appreciated.




Adrian