On Mar 24, 2010, at 4:30 PM, Gert Doering wrote: > "Every time a new customer connects, and a new IP address is assigned to > an interface, update all your iACLs"?
No - just the iACLs for the edge router(s) in question. After all, one has already modularized one's ACLs, with common stanzas and then router-specific stanzas, kept under version control, right? If not, one has some more basic tasks to accomplish prior to worrying about infrastructure self-protection. ;> ----------------------------------------------------------------------- Roland Dobbins <[email protected]> // <http://www.arbornetworks.com> Injustice is relatively easy to bear; what stings is justice. -- H.L. Mencken _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
