Is there any reason a reflexive ACl will not work on a switch port? I see that most examples pertain to routers. We have a 4510 with a Sup 6. I have not tried it yet, but here is the config I came up with :
ip access-list extended internal_acl
permit tcp any any reflect tcptraff
permit udp any any reflect udptraff
permit icmp any any reflect icmptraff
ip access-list extended external_acl
deny ip any any
ip access-group internal_acl out
ip access-group external_acl in
Does this look like it will work? Being that the 4510 can't do NAT I need to "hide" what is connected to this particular switch interface. Suggestions?
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...