I inherited a network that's a mess. One of the biggest issues I have right now that I don't see a clear way through is distributed access lists. That is, the access switches have access lists. Let's assume that's 1000 access switches. The "core" has a firewall in it, but some end devices talk to other end devices, and it was set up with ACLs to manage security for most things E-W. So 1000 switches, each with different ACLs applied based on long forgotten projects and not much documentation.
Is there any way to manage distributed ACLs from a central point? It will take a long time to untangle the mess, but in the mean time, I still have to manage this mess.
No comments:
Post a Comment