Hi Saku

Thank you for your information. Good to learn from you

One more question, I add one line access rule in cisco router (r700 CPU at 240MHz with 252928K/9216K bytes of memory.) the cpu graph raises from 70% to 80%. Is the switch also having this problem?

Thank you

On Sat, Feb 28, 2009 at 3:11 AM, Saku Ytti <[email protected]> wrote:

> On (2009-02-27 07:15 -0500), Deric Kwok wrote:
>
> > Could you explain to me what is function of access-list in switch?
> >
> > It looks like to do prevent access to switch only?
> >
> > Am I right?
>
> No. You can in many CSCO switches use L3 access-lists in L2, although
> typically only on inbound direction.
>
> Some usage cases:
> a) rudimentary anti-spoofing
> b) stopping infected machine from spreading infection, while allowing
>    machine administration to reach it and fix it
> c) for server aggregation style, on uplink you could protect the
>    servers, like only allow 0.0.0.0 80 to them and 22 from MGMT NET,
>    providing wire-rate protection of DoS.
>
> As not just IP match is allowed, but also MAC and ethertype, you
> could allow only IPv4, IPv6 and ARP frames, to avoid unwanted
> traffic entering.
>
> --
>   ++ytti
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
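Use case (c) from the quoted reply, sketched as an inbound ACL on a switch uplink. This is an added example, not configuration posted by anyone in the thread; the ACL name, interface and all addresses (documentation ranges 192.0.2.0/24 for the servers, 198.51.100.0/24 for the management network) are assumptions.

```cisco
! Added example: inbound ACL on the uplink facing a server aggregation switch.
! Assumed addressing (constructed for illustration):
!   servers  192.0.2.0/24
!   MGMT NET 198.51.100.0/24
ip access-list extended SERVER-UPLINK-IN
 ! Anyone may reach the servers on TCP/80
 permit tcp any 192.0.2.0 0.0.0.255 eq 80
 ! SSH to the servers only from the management network
 permit tcp 198.51.100.0 0.0.0.255 192.0.2.0 0.0.0.255 eq 22
 ! Everything else arriving on the uplink is dropped
 deny ip any any
!
interface GigabitEthernet0/1
 description Uplink (assumed interface name)
 ! Applied inbound, the direction the reply says is typically supported
 ip access-group SERVER-UPLINK-IN in
```

As written, this also drops return traffic for connections the servers themselves open (DNS lookups, updates), so those flows need their own permit entries before the final deny.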
