We just run a basic input rule; it's a drop rule with a NOT management address list. Did realize yesterday it needed to have NOT established and related; NTP was not updating.

On Tue, Sep 1, 2015 at 3:46 PM, Christopher Gray <[email protected]> wrote:

> I'm re-thinking my network arrangement and would like to know how others secure or separate their management network.
>
> My current setup is all Mikrotik running OSPF/MPLS/VPLS with VPLS tunnels from the APs back to my edge routers, where customer traffic is handled and I use firewall rules at those routers to prevent the tunnels from having access into the network. I have public IPs available at the edge routers, and all internal hardware has some slice of 10.0.0.0/8. I don't have firewall rules on most of the routers as they are all protected by the edge.
>
> I'd like to move away from this model and have IP blocks at each AP site that route over my OSPF/MPLS system. I can get them to route, but I am wondering if there is an easy way to block routes or limit OSPF distribution to prevent access to my hardware (other than running several firewall rules on every router). I am running many RB750, RB750UP, and RB750P routers and would like to keep firewall rules to a minimum if possible.
>
> Thanks - Chris
>

--
If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
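
The input rule described in the reply at the top of this message, written out as a RouterOS sketch. This is an added example, not configuration from either poster: the list name `management` and the 10.255.255.0/24 subnet are assumed placeholders, and the established/related exemption is shown as a separate accept rule ahead of the drop rather than as a negated match inside it.

```routeros
# Added example. The address below is a constructed placeholder;
# substitute the subnet the management stations actually live in.
/ip firewall address-list
add list=management address=10.255.255.0/24 comment="assumed management subnet"

/ip firewall filter
# Replies to connections the router itself opened (NTP, DNS, and so on)
# arrive on the input chain from sources that are not in the management
# list. Without this rule the drop below discards them, which is the
# "NTP was not updating" symptom described in the reply.
add chain=input connection-state=established,related action=accept \
    comment="return traffic for router-originated connections"

# Everything else addressed to the router itself is dropped unless the
# source is in the management list.
add chain=input src-address-list=!management action=drop \
    comment="router reachable from management sources only"
```

Both rules apply only to the input chain, so they affect traffic addressed to the router itself and not traffic forwarded through it. Rule order matters: the accept has to sit above the drop.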
