From: Colin Barber (Colin.Barber@xxxxxxxxxxxxxx)
Date: Fri Aug 09 2002 - 16:22:57 GMT-3
Hi Guys,
Sorry for the OT. Today at work some bright spark got the ip address and
default gateway the wrong way round on a Unix box in our data centre and
took down the whole subnet; just 200 systems and 8000 users not able to
communicate!
Has anybody got any ideas on the best way to protect the default gateway ip
address from misconfiguration? The device is a 300 port 6509 with the
default gateway being the internal MSFCs. The only way I can thing of is
using native IOS on the cat and applying an input access list denying the
source ip address of the default gateway on all 300 Ethernet ports. I know
the MSFCs can wire-speed route ip and standard and extended access lists but
does the first packet still need to be processed switched? Whatever solution
I use it cannot affect performance of the router, switch or the clients.
Regards,
Colin
------------------------------------------------------------------------------
Live Life in Broadband
www.telewest.co.uk
The information transmitted is intended only for the person or entity to which
it is addressed and may contain confidential and/or privileged material.
Statements and opinions expressed in this e-mail may not represent those of the
company. Any review, retransmission, dissemination or other use of, or taking
of any action in reliance upon, this information by persons or entities other t
han the intended recipient is prohibited. If you received this in error, please
contact the sender immediately and delete the material from any computer.
==============================================================================
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:48:22 GMT-3