From: Guyler, Rik (rguyler@shp-dayton.org)
Date: Wed Mar 01 2006 - 10:28:18 GMT-3
I'm surprised you think ACL's will be ineffective in your case. If you
don't want to try restricting access from certain subnets then perhaps only
allowing certain subnets would be easier? If you have overlapping subnets
from VPN connecitons then I think that's a sign that something isn't setup
properly in the first place. As for performance, unless your ACL is
enormous, I see no reason to consider performance a limiting factor for
access to the router's VTY lines.
Rik
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Mihai Dumitru
Sent: Wednesday, March 01, 2006 6:13 AM
To: ccielab@groupstudy.com
Subject: restrict vty access to the management vlan/vrf only
Hi,
Is there a better way to restrict access to the VTY lines from certain VRFs/
VLANs, other than using ACLs/VACLs? I think that ACLs might not be
effective because of overlapping address space and possible performance
degradation.
Thanks,
Mihai
This archive was generated by hypermail 2.1.4 : Sat Apr 01 2006 - 10:07:37 GMT-3