When configuring an iACL, be careful to ensure that that iACL allows all transit traffic traversing the
router and maintaining an uninterrupted packet flow, thereby complying with basic RFCs such as RFC 1918, RFC
3330, and RFC 2827 ingress filtering and anti-spoofing guidelines.
Because they are armed with a number of techniques and solutions that safeguard networks from both
accidental and malicious risks, you should seriously consider using infrastructure protection ACLs for
deployment at all network ingress points.
Transit ACLs
Transit ACLS are similar to infrastructure protection ACLs in two ways: transit ACLS give you a conceptual view,
and they do not require special configuration. Transit ACLs represent one of the many ways to increase network
security by explicitly allowing legitimate traffic into the network. For most network environments, filtering
should be applied to control inbound traffic into the network and to block any unauthorized attempt at the edge
of the network. Service provider networks, for example, often control traffic entering or exiting customer
networks by using edge or transit filtering. This protects unwanted traffic from one customer to another because
unwanted traffic is dropped at the service provider edge.
Pages:
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106