Can you detail that, Mike?

On Tue, Sep 1, 2015 at 4:46 PM, Mike Hammett <[email protected]> wrote:
> Route filters are less intensive than firewall rules.
>
> -----
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> ----- Original Message -----
> From: "Christopher Gray" <[email protected]>
> To: [email protected]
> Sent: Tuesday, September 1, 2015 3:46:05 PM
> Subject: [AFMUG] Securing Management Network?
>
> I'm re-thinking my network arrangement and would like to know how others
> secure or separate their management network.
>
> My current setup is all Mikrotik running OSPF/MPLS/VPLS with VPLS tunnels
> from the APs back to my edge routers, where customer traffic is handled and
> I use firewall rules at those routers to prevent the tunnels from having
> access into the network. I have public IPs available at the edge routers,
> and all internal hardware has some slice of 10.0.0.0/8. I don't have
> firewall rules on most of the routers as they are all protected by the edge.
>
> I'd like to move away from this model and have IP blocks at each AP site
> that route over my OSPF/MPLS system. I can get them to route, but I am
> wondering if there is an easy way to block routes or limit OSPF
> distribution to prevent access to my hardware (other than running several
> firewall rules on every router). I am running many RB750, RB750UP, and
> RB750P routers and would like to keep firewall rules to a minimum if
> possible.
>
> Thanks - Chris

--
If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
