18 Jul
2003
18 Jul
'03
9:23 a.m.
Depends on the platform; if it is a Cisco GSR or 7500 (w/ sufficiently current IOS), you can look into using a Receive ACL (rACL). The Cisco advisory being sent around in the discussion of the latest vulnerability has a link to more info for Cisco rACLs - Wayne Rick Ernst wrote:
Is there a way to globally protect all inbound interfaces on a router via ACL (specifically hundreds of frame/sub-interfaces) without applying the same ACL to each individual interface?
Is the "line vty" config only for telnet/ssh, etc. or is it the magic global that I'm looking for?
I'd post this on inet-access but this is where the conversation is taking place.
Thanks, Rick