Unanswered Question
Farrukh Haroon Sat, 10/25/2008 - 05:32

"replace acl within vlan"

Can you please spell out more details about your requirement? Which device is this?



Hi! Sorry, some typos there. What I meant is: are there any tools or devices that I can use to ease management or replace ACLs applied on different VLAN interfaces? Can NAC achieve that?

Are there any tools that are more effective than ACLs to filter packets between my VLAN interfaces at the 6509 core?


srue Mon, 10/27/2008 - 09:48

A firewall services module (FWSM). They're very expensive, though.

Farrukh Haroon Mon, 10/27/2008 - 12:41

The problem with ACLs is that they are vulnerable to various attacks due to their 'near' stateless nature. Stateful firewalls/packet filters are therefore considered more secure. I would recommend an ASA/FWSM or at least an IOS router running an Advanced Security image (to utilize the zone-based firewall feature). There are free graphical tools provided by Cisco (SDM, ASDM, etc.) that can help you manage your firewall rules graphically.
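
Added example, not part of the thread and not Cisco code: a simplified Python model of the stateless versus stateful distinction raised in the reply above. It compares a check modelled on the IOS ACL `established` keyword (which matches on the ACK or RST bit) with a minimal connection table; the addresses, ports and class names are constructed for illustration.

```python
# Added illustration: simplified model, not Cisco code. Addresses are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on the segment, e.g. {"SYN", "ACK"}

def acl_established(seg):
    """Stateless check modelled on the IOS 'established' keyword:
    the entry matches any TCP segment with the ACK or RST bit set."""
    return bool(seg.flags & {"ACK", "RST"})

class StatefulFilter:
    """Minimal connection table: return traffic is allowed only for flows
    that an inside host opened first (no sequence or timeout tracking)."""
    def __init__(self):
        self.flows = set()

    def outbound(self, seg):
        if seg.flags == {"SYN"}:  # inside host opens a connection
            self.flows.add((seg.src, seg.sport, seg.dst, seg.dport))
        return True

    def inbound(self, seg):
        # Permit only the mirror image of a recorded flow.
        return (seg.dst, seg.dport, seg.src, seg.sport) in self.flows

def compare():
    """Run constructed VLAN 20 -> VLAN 10 return traffic through both filters."""
    fw = StatefulFilter()
    fw.outbound(Segment("10.0.10.5", 40000, "10.0.20.8", 443, frozenset({"SYN"})))
    inbound = {
        "reply to open flow": Segment("10.0.20.8", 443, "10.0.10.5", 40000,
                                      frozenset({"SYN", "ACK"})),
        "unsolicited ACK": Segment("10.0.20.9", 443, "10.0.10.5", 40001,
                                   frozenset({"ACK"})),
    }
    return {name: (acl_established(s), fw.inbound(s)) for name, s in inbound.items()}

if __name__ == "__main__":
    for name, (acl, stateful) in compare().items():
        print(f"{name:20} ACL permits={acl}  stateful permits={stateful}")
```

The stateless check permits both segments because it only inspects flag bits, while the connection table permits only the reply that matches a flow opened from the inside.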



