07-01-2002 09:10 AM - edited 03-01-2019 11:17 PM
Does anyone have any tips on how to improve the security on routers running DLSW? I am running both WAN to LAN and LAN to LAN DLSW and would like a mechanism that would ensure the controller on the end of my LAN or WAN is verified before permitting communications to the FEP.
07-01-2002 04:40 PM
The only additional security you could implement at a router level would be to restrict the mac addresses that DLSW will pass traffic for using an access list 700 - 799 and the dmac-output-list parameter on the dlsw remote-peer statement.
Since this uses the destination mac address, you would need to code it with the controller mac address in the router on the FEP side of the connection. It would not prevent any controller from sending an initial test frame but traffic will only be returned to specific mac addresses.
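An added example, not part of the original posts: a small Python audit that checks whether each `dlsw remote-peer` statement in a FEP-side router configuration carries the `dmac-output-list` restriction described above and whether the referenced access list actually narrows the permitted MAC addresses. The sample configuration, its IP addresses and its MAC addresses are constructed for illustration, and the function name `audit_dlsw_peers` is hypothetical.

```python
import re

# Constructed FEP-side router configuration; all addresses are made up.
SAMPLE_CONFIG = """\
access-list 700 permit 4000.1111.0001 0000.0000.0000
access-list 700 permit 4000.1111.0002 0000.0000.0000
access-list 701 permit 0000.0000.0000 ffff.ffff.ffff
dlsw local-peer peer-id 192.0.2.1
dlsw remote-peer 0 tcp 192.0.2.10 dmac-output-list 700
dlsw remote-peer 0 tcp 192.0.2.20
dlsw remote-peer 0 tcp 192.0.2.30 dmac-output-list 701
dlsw remote-peer 0 tcp 192.0.2.40 dmac-output-list 702
"""

WS = r"[ \t]+"  # stay on one line; \s would also match newlines
ACL_RE = re.compile(rf"^access-list{WS}(\d+){WS}(permit|deny){WS}(\S+)(?:{WS}(\S+))?", re.M)
PEER_RE = re.compile(rf"^dlsw remote-peer{WS}\d+{WS}tcp{WS}(\S+)(.*)$", re.M)
DMAC_RE = re.compile(rf"\bdmac-output-list{WS}(\d+)")

def audit_dlsw_peers(config):
    """Return {peer_ip: finding} for every dlsw remote-peer statement."""
    acls = {}
    for num, action, addr, mask in ACL_RE.findall(config):
        # A missing mask is treated as an exact match on the address.
        acls.setdefault(int(num), []).append((action, addr, mask or "0000.0000.0000"))
    findings = {}
    for peer_ip, options in PEER_RE.findall(config):
        match = DMAC_RE.search(options)
        if not match:
            findings[peer_ip] = "no dmac-output-list: no destination MAC restriction"
            continue
        acl = int(match.group(1))
        if not 700 <= acl <= 799:
            findings[peer_ip] = f"access list {acl} is outside the 700-799 MAC range"
        elif acl not in acls:
            findings[peer_ip] = f"access list {acl} is referenced but not defined"
        elif any(a == "permit" and m.lower() == "ffff.ffff.ffff" for a, _, m in acls[acl]):
            # A mask of all ones ignores every address bit, so any MAC matches.
            findings[peer_ip] = f"access list {acl} permits every MAC address"
        else:
            findings[peer_ip] = "ok"
    return findings

if __name__ == "__main__":
    for peer, finding in audit_dlsw_peers(SAMPLE_CONFIG).items():
        print(f"{peer}: {finding}")
```
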
07-01-2002 09:14 PM
You can encrypt the DLSW over an IPSEC tunnel. Here is the sample config for that: