Hey r/networking!
Today I come seeking advice for managing a set of identical access-lists (per VLAN) when implementing a FHRP on a pair of layer 3 switches. To me, this seems like a major nightmare, and I would rather just move the layer 3 functionality up to a pair of firewalls (Active/Standby), where I would only have to manage 1 set of ACLs and retain my first hop redundancy.
Any tips or tricks when managing multiple sets of ACLs, such as tools to ensure that they are indeed identical?
If I recall, there's actually a feature that can replicate the ACLs over to the other switch, but from what I remember it was buggy as all get out.
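One way to check that both FHRP peers carry identical ACLs, as an added example that is not part of the original post: parse the named ACLs out of each switch's saved configuration and report any that are missing or differ. The IOS-style `ip access-list` syntax, the ACL names and both sample configs are assumptions constructed for illustration, since the post names no vendor.

```python
import re

# Constructed sample configs (IOS-style syntax is an assumption; the post names no vendor).
SW1 = """\
ip access-list extended VLAN10_IN
 10 permit tcp 10.0.10.0 0.0.0.255 any eq 443
 20 deny ip any any log
ip access-list extended VLAN20_IN
 permit ip 10.0.20.0 0.0.0.255 any
!
"""
SW2 = """\
ip access-list extended VLAN10_IN
 permit tcp 10.0.10.0 0.0.0.255 any eq 443
 deny   ip any any log
ip access-list extended VLAN20_IN
 permit ip 10.0.20.0 0.0.0.255 any
 permit icmp any any
ip access-list extended VLAN30_IN
 deny ip any any
"""

HEADER = re.compile(r"^ip access-list (?:standard|extended) (\S+)")

def parse_acls(config):
    """Return {acl_name: [normalized entries, in configured order]}."""
    acls, current = {}, None
    for line in config.splitlines():
        m = HEADER.match(line)
        if m:
            current = acls.setdefault(m.group(1), [])
        elif current is not None and line.startswith(" "):
            entry = re.sub(r"^\d+\s+", "", line.strip())  # drop sequence number
            if not entry.startswith("remark"):           # remarks do not affect matching
                current.append(" ".join(entry.split()))  # collapse whitespace
        else:
            current = None  # any unindented line ends the ACL block
    return acls

def acl_drift(cfg_a, cfg_b):
    """Return {acl_name: reason} for every ACL not identical on both peers."""
    a, b = parse_acls(cfg_a), parse_acls(cfg_b)
    drift = {}
    for name in sorted(a.keys() | b.keys()):
        if name not in a or name not in b:
            drift[name] = "missing on " + ("A" if name not in a else "B")
        elif a[name] != b[name]:  # list compare: ACLs are first-match, so order matters
            drift[name] = "entries differ"
    return drift
```

Sequence numbers, remarks and spacing are ignored on purpose, so only differences that change what traffic is matched are reported.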