RE: [fw-wiz] Cisco acls
From: Luke Butcher (Luke.Butcher_at_alphawest.com.au)
Date: 03/30/05
- Previous message: Steve Fletcher: "RE: [fw-wiz] Screening Router as a firewall"
- Maybe in reply to: Eric Appelboom: "[fw-wiz] Cisco acls"
- Next in thread: MHawkins_at_TULLIB.COM: "RE: [fw-wiz] Cisco acls"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Scott Stursa" <stursa@mailer.fsu.edu>
Date: Wed, 30 Mar 2005 08:29:19 +1000

> From: Scott Stursa
> Sent: Friday, 25 March 2005 4:54 AM
>> On Tue, 15 Mar 2005, Luke Butcher wrote:
>> Not sure about a lint checker and router ACLs unfortunately don't
>> show a hit count like PIX ones.
> Yes they do.
> The only place I've seen "missed" hits are on switches doing VLAN
> switching. Although the initial handshake will
> generate hits, once it goes into switching mode the ACL will never see
> the packets. The difference is clear if you
> have an ACL which begins with "permit tcp any any established"; on a
> non-switched interface this line will show the greatest number of hits
> in the ACL, on a switched one it will show the lowest.
Sorry I meant in the way a PIX displays 'hitcnt=' right next to the line
when you do a show access-list. This makes it very easy to tell what
lines are being used and which ones aren't.
Regards,
Luke Butcher
Network/Security Consultant
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
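The thread turns on how easy it is to spot unused ACL entries from counter output: PIX prints `(hitcnt=N)` on every line of `show access-list`, while IOS `show ip access-lists` prints `(N matches)` only on entries that have matched. The script below is an added example, not code from the list or from either poster; it parses both counter styles from constructed sample output (the sample lines are made up to resemble the device formats, and the assumption that an IOS entry with no `(... matches)` suffix has a zero count is mine) and reports the entries that have never been hit, which is the audit Luke describes doing by eye.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample output shaped like PIX 'show access-list' (hitcnt=N on
# every entry). Not captured from a real device; addresses are documentation
# ranges.
PIX_SAMPLE = """\
access-list outside_in; 4 elements
access-list outside_in line 1 permit tcp any host 192.0.2.10 eq www (hitcnt=48213)
access-list outside_in line 2 permit tcp any host 192.0.2.10 eq https (hitcnt=0)
access-list outside_in line 3 permit tcp any host 192.0.2.11 eq smtp (hitcnt=917)
access-list outside_in line 4 deny ip any any (hitcnt=3301)
"""

# Constructed sample output shaped like IOS 'show ip access-lists'. The entry
# with sequence 30 has no "(N matches)" suffix; this example assumes that means
# zero matches so far.
IOS_SAMPLE = """\
Extended IP access list 101
    10 permit tcp any any established (5123 matches)
    20 permit tcp any host 192.0.2.10 eq www (77 matches)
    30 permit udp any host 192.0.2.12 eq domain
    40 deny ip any any (14 matches)
"""

HITCNT_RE = re.compile(r"\(hitcnt=(\d+)\)\s*$")        # PIX style suffix
MATCHES_RE = re.compile(r"\((\d+) matches?\)\s*$")     # IOS style suffix
IOS_ACE_RE = re.compile(r"^\d+\s+(permit|deny)\b")     # IOS entry without a count


@dataclass
class AceStat:
    text: str   # the ACE with its counter suffix removed
    hits: int   # matches / hitcnt observed


def parse_acl_counters(output: str) -> List[AceStat]:
    """Extract per-entry hit counts from PIX or IOS show output.

    Header lines ("access-list NAME; N elements", "Extended IP access list ...")
    carry no counter and are skipped.
    """
    stats: List[AceStat] = []
    for raw in output.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HITCNT_RE.search(line)
        if m:
            stats.append(AceStat(HITCNT_RE.sub("", line).strip(), int(m.group(1))))
            continue
        m = MATCHES_RE.search(line)
        if m:
            stats.append(AceStat(MATCHES_RE.sub("", line).strip(), int(m.group(1))))
            continue
        if IOS_ACE_RE.match(line):
            # IOS omits the suffix when the counter is zero (assumption noted above)
            stats.append(AceStat(line, 0))
    return stats


def unused_entries(stats: List[AceStat]) -> List[AceStat]:
    """Entries that have never matched: candidates for review or removal."""
    return [s for s in stats if s.hits == 0]


def report(output: str) -> str:
    """Human-readable summary: every entry with its count, unused ones flagged."""
    lines = []
    for s in parse_acl_counters(output):
        flag = "  <-- no hits" if s.hits == 0 else ""
        lines.append(f"{s.hits:>8}  {s.text}{flag}")
    return "\n".join(lines)


if __name__ == "__main__":
    print("PIX:")
    print(report(PIX_SAMPLE))
    print("\nIOS:")
    print(report(IOS_SAMPLE))
```

A zero count only means the entry has not matched since the counters were last cleared (or since boot), so check the counter age before treating an entry as dead; and on a switched interface, as Scott notes, the counters undercount traffic that never reaches the ACL after the flow is set up.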