I suppose the best way is to have another ethernet interface for
admin purposes on a different physical network, say eth0/1
Then use the following method by telnet+cut & paste
ena
<ena password>
conf term
interface ethernet0/0 \
shutdown \ repeat for all sensitive interfaces
no access-list 100 \
access-list 100 ..... \ repeat for all access lists
interface ethernet0/0 \
no shutdown \ bring back up the sensitive interfaces
exit
write mem
OK, so you have a second or so of downtime, but no security hole
during updates. Sceduled for the right time in the day and no one
will notice.
Regards
-M
--
Matthew Smithshaw | ML Associates
[EMAIL PROTECTED] or [EMAIL PROTECTED] | P O Box 16076
tel:+44-141-951-2229 | Glasgow Scotland
fax:+44-141-951-8877 | G11 7TL
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
