Security Basics mailing list archives

Re: Access Lists on Layer-3 Switches


From: "Raghu Chinthoju" <chraghu.ml () fusemail com>
Date: Tue, 17 Feb 2004 13:55:44 +0530

Access lists on any router degrade performance by reducing
throughput and introducing latency (which might be negligible for most
applications). Depending on the complexity of the access lists, they eat up
a considerable amount of memory and processor.

I would suggest you consider the current resource (network, CPU, memory, etc.)
usage percentages, criticality of the device, your throughput requirements,
etc., and then take a decision on implementing access lists on L3.

On the other hand, VLANs are just logical separation and aren't as secure as
physically separated ones. When you are considering security for inter-VLAN
communication, you need to seriously consider this. If the budget
permits and requirements are justified, you may go for physically separate
switched networks. Or else, you need to tightly secure your L2
configuration.

Raghu

----- Original Message ----- 
From: <tococomic () hushmail com>
To: <security-basics () securityfocus com>
Sent: Tuesday, February 17, 2004 12:22 AM
Subject: Access Lists on Layer-3 Switches


Do you think that there is any significant drawback of using access lists
on layer-3 switches in comparison with access lists on routers? Can you
reach the same security (packet-filtering) with the switch solution (layer
3) or is a router for an internal network separation a must?



