On Fri, Jul 18, 2003 at 06:07:08AM -0700, Rick Ernst wrote:
> Is there a way to globally protect all inbound interfaces on a router via ACL (specifically hundreds of frame/sub-interfaces) without applying the same ACL to each individual interface?
I believe something like this will work:

no access-l 198
access-list 198 deny 53 any any log-input
access-list 198 deny 55 any any log-input
access-list 198 deny 77 any any log-input
!
access-list 198 permit pim host xx.xx.xx.xx 224.0.0.0 31.255.255.255
!
access-list 198 deny pim any any log-input
access-list 198 permit ip any any
!
!end

Replace xx.xx.xx.xx with real ip address if you have PIM running, if you don't, remove that line.
> Is the "line vty" config only for telnet/ssh, etc. or is it the magic global that I'm looking for?
No. I don't think so.

-Basil @ CIFNet
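
As an added example (not part of the original post): a small Python evaluator for ACL 198 as posted, useful for checking what the list permits and denies before deploying it. 192.0.2.1 is a constructed stand-in for xx.xx.xx.xx, the function names are hypothetical, and the model covers only the entry forms used in this ACL, with first-match and implicit-deny behaviour.

```python
import ipaddress

PIM = 103                          # IANA protocol number for PIM
PROTO = {"ip": None, "pim": PIM}   # "ip" matches any IP protocol

# ACL 198 from the post; 192.0.2.1 is a constructed stand-in for xx.xx.xx.xx
ACL_198 = """\
access-list 198 deny 53 any any log-input
access-list 198 deny 55 any any log-input
access-list 198 deny 77 any any log-input
access-list 198 permit pim host 192.0.2.1 224.0.0.0 31.255.255.255
access-list 198 deny pim any any log-input
access-list 198 permit ip any any
"""

def _addr(tokens):
    """Consume one address spec from tokens; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse(text):
    """Turn 'access-list N action proto src dst' lines into rule tuples."""
    rules = []
    for line in text.splitlines():
        t = line.split()
        if t[:1] != ["access-list"]:
            continue               # skip '!' separators and blank lines
        action, proto, rest = t[2], t[3], t[4:]
        proto = PROTO[proto] if proto in PROTO else int(proto)
        rules.append((action, proto, _addr(rest), _addr(rest)))
    return rules

def _match(addr, spec):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; the remaining bits must equal the base.
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(rules, proto, src, dst):
    """First matching entry wins; a packet matching nothing hits the implicit deny."""
    for action, r_proto, r_src, r_dst in rules:
        if r_proto in (None, proto) and _match(src, r_src) and _match(dst, r_dst):
            return action
    return "deny"
```

Calling `evaluate(parse(ACL_198), proto, src, dst)` with an IP protocol number and dotted-quad addresses returns `"permit"` or `"deny"` for that packet.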