Hi, I bought a C1300 and am learning to navigate it compared to standard Cisco IOS. I have been unable to get Access Profiles and Access Rules to work. I set up all my rules in a profile with a deny all rule at the bottom. I then make the access pro...
Hello, Have a mid-sized campus type network with about 30 switches (all Cisco) and 24 VLANs. The network has a core switch on which there are SVIs for each of the VLANs. The core switch links to the router which gives internet access. Fairly standard...
Hi, am replacing an ASA with a Cisco ISR router. The context of the nat rules and access rules are a little different, so want to make sure I am translating them correctly. Access rules are for incoming traffic on the WAN interface. Relevant configs ...
Hi Reza, The access-list worked fine. The issue was very slow performance. This begs the question of whether or not the hardware simply couldn't handle the overhead created by the ACLs or perhaps a problem with the old IOS.
Am and was running 03.07.05E. Very old I know. Problem is we are a 24X7 operation, so finding a window to upgrade a core switch can be problematic. If I implement this again though, it would be on a 9300 stack with the latest IOS.
Hi guys, Here is a real basic example of what I did. This is for vlan 220.
ip access-list extended GuestACL
 permit ip host 192.168.61.7 any
 permit udp 192.168.220.0 0.0.0.255 host 192.168.61.5 eq bootps
 permit udp 192.168.220.0 0.0.0.255 host 192.168.61....
I tend to agree with you Joseph. In my opinion good endpoint protection and a good next gen firewall is adequate enough for my network, but I'm just a basic know nothing network admin and not a "security consultant". As such I have been asked by th...
I agree with you Martin, but we have been told by a security consulting firm that having multiple VLANs that are "wide open" is bad practice. If say host on vlan 2 is compromised, it has access to all hosts on all VLANs. It should be set up so that ...