I've attempted to summarise the replies I found useful in the Wiki: http://nanog.cluepon.net/index.php/MailTopics#Customer-Facing_ACLs My personal observations: * More information about what networks are doing would be nice! * More data points about probes/scans/etc would be nice! * Filtering technologies would be nice for ACLs - not shaping of things like BT/YT/etc - stuff like how to deploy per-customer ACLs on a variety of tech. I know I've used ACLs in Radius AV pairs in a SP environment for DSL aggregation; I've also used similar hackery in 802.1x for per-port ethernet ACLs in an Enterprise environment. Has anyone rolled out 802.1x style port authentication in a ethernet- edge scenario and included ACLs/shaping AV-pairs? Experience/Feedback would be great. Constructive comments appreciated. Adrian