Saturday, April 24, 2021

Port ACLs on Layer 2 Switches for Public Internet Connection

Hi all,

Like many others, we land our ISP connections into our layer 2 switches into their own VLANs in order to distribute public internet connections to more than one firewall/device.

Anyone using Port ACLs on their switches to lock down devices that are sitting directly on the internet?

We have some specialized video gear that sits directly on public IPs with no firewall protecting it. Don't worry, the devices are secured properly with SSH keys, etc., but they do still get inbound attempts from the world trying to access them. To prevent this, I've been considering applying simple Layer 2 Port ACLs to filter public IP address ranges.

Anyone doing this? Any concerns with PACLs causing switch overhead? The switches we have are Cisco 2960Xs and XRs, so not the most powerful devices in the world, but I'm hoping they can handle this job of filtering inbound IPs.

Thanks!
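For reference, here is what a port ACL for the scenario above looks like on a Catalyst 2960-X. This is an added example, not configuration from the post's author. It assumes IOS 15.x, that the ISP hands off on GigabitEthernet1/0/1 into VLAN 200, and that the video gear lives in the public subnet 203.0.113.0/24 with management coming only from a trusted remote site at 198.51.100.0/24; those addresses are constructed placeholders from the RFC 5737 documentation ranges. Two points the example encodes: PACLs on this platform are applied only inbound on a physical port, so the filter belongs on the ISP-facing port (where internet traffic enters the switch) rather than on the gear's own port, where "inbound" would mean the gear's outgoing traffic; and the ACL ends with a permit so that traffic for the firewalls sharing that VLAN is untouched.

```cisco
! Added example, not the original poster's configuration.
! Platform assumption: Catalyst 2960-X, IOS 15.x, IPv4 only.
! Address assumptions (RFC 5737 documentation ranges, constructed for this example):
!   203.0.113.0/24  public subnet the ISP routes to the video gear
!   198.51.100.0/24 the only remote site allowed to manage the gear over SSH
!
ip access-list extended PACL-VIDEO-GEAR
 remark Management of the video gear only from the trusted remote site
 permit tcp 198.51.100.0 0.0.0.255 203.0.113.0 0.0.0.255 eq 22
 remark Assumed media ports the gear must receive from far-end endpoints (adjust to the product)
 permit udp any 203.0.113.0 0.0.0.255 range 16384 32767
 remark Everything else aimed at the gear's subnet is dropped in hardware
 deny   ip any 203.0.113.0 0.0.0.255
 remark Traffic for the firewalls sharing VLAN 200 is left alone; they filter it themselves
 permit ip any any
!
interface GigabitEthernet1/0/1
 description ISP handoff - internet enters the switch here
 switchport mode access
 switchport access vlan 200
 ip access-group PACL-VIDEO-GEAR in
```

The ACL is evaluated in TCAM, so a handful of entries like this adds no forwarding-path CPU cost; the overhead question becomes how many ACEs the switch's TCAM can hold, which is why a short allow list followed by one deny is preferable to enumerating public ranges to block. The per-ACE match counters from `show access-lists PACL-VIDEO-GEAR` are the quick check that the expected flows hit the permits and the scanning traffic lands on the deny. Since the switch is bridging, not routing, this is a stateless filter: any flow the gear must receive that is initiated from the outside needs its own permit line.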
