From: Anthony Sequeira (asequeira@internetworkexpert.com)
Date: Thu Oct 09 2008 - 16:46:50 ART
Errr - to quote Bruce Caslow over at NetMasterClass - I guess I should
"make no assumptions"!
I saw the Scott Morris post in this thread and realized that of course the
standard list does fine IF it is truly the SOURCE ADDRESS that is your
concern.
This is a common case where you are interested in preventing this traffic
sourced from the private space from coming in your "outside" interface.
Anthony J. Sequeira, CCIE #15626, CCSI #23251
Senior CCIE Instructor
asequeira@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Outside US: 775-826-4344
----- Original Message -----
From: asequeira@internetworkexpert.com
Sent: Thu, October 9, 2008 13:40
Subject:Re: filter rfc 1918
Source address is your concern here, unless the task has other goodies
thrown in as well. So given that source address is the only concern, your
standard list will do fine.
One "gotcha" with this task is making sure you are blocking the correct
range of 172.X.X.X networks.
Anthony J. Sequeira, CCIE #15626, CCSI #23251
Senior CCIE Instructor
asequeira@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Outside US: 775-826-4344
----- Original Message -----
From: jgarrison1@austin.rr.com
Sent: Thu, October 9, 2008 12:47
Subject:filter rfc 1918
does it matter if I use an extende access-list with deny ip or a standard
just
denting the address's
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:20 ARST