Security Basics mailing list archives

RE: Access Lists on Layer-3 Switches


From: "Batkin, Seva" <Seva_Batkin () canaccord com>
Date: Mon, 16 Feb 2004 14:50:18 -0800

Normal access lists on layer 3 switches act the same as on routers except
somewhat faster because the lookups are done in TCAM (on Cisco switches that
is). The lists are applied the same way, i.e. as they enter or leave a
router interface such as a VLAN or a routed port. The disadvantage is that
they take up TCAM room which is shared for different purposes. 

In terms of security, once again normal access lists do not filter traffic
within a VLAN. For that you have to use (on Cisco) special VLAN access lists
which are separately maintained but also take up room in the TCAM.

Thanx

Seva


-----Original Message-----
From: tococomic () hushmail com [mailto:tococomic () hushmail com] 
Sent: February 16, 2004 10:53 AM
To: security-basics () securityfocus com
Subject: Access Lists on Layer-3 Switches

Do you think that there is any significant drawback of using access lists
on layer-3 switches in comparison with access lists on routers? Can you
reach the same security (packet-filtering) with the switch solution (layer
3) or is a router for an internal network separation a must?





---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------


"Canaccord Capital Corporation <canaccord.com>" made the following
 annotations on 02/16/2004 02:50:28 PM
------------------------------------------------------------------------------
This message may contain confidential or privileged material. Any use of this information by anyone other than the 
intended recipient is prohibited.  If you have received this message in error, please immediately reply to the sender 
and delete this information from your computer. Thank you.
==============================================================================
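
The distinction drawn in the reply above, shown as a Catalyst-style IOS configuration fragment. This is an added example, not part of the original messages; the VLAN number, subnets, ACL and map names, and the filtered port are constructed assumptions, and exact syntax and support vary by switch platform.

```ios
! Constructed example: VLAN 10 = 10.1.10.0/24, VLAN 20 = 10.1.20.0/24.
! All names, addresses and the filtered port are hypothetical.
!
! 1) Normal (router) access list applied to the VLAN's routed interface.
!    It is evaluated only for packets that are routed into or out of
!    VLAN 10 through interface Vlan10.
ip access-list extended VLAN10-IN
 deny   tcp 10.1.10.0 0.0.0.255 10.1.20.0 0.0.0.255 eq 445
 permit ip any any
!
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
 ip access-group VLAN10-IN in
!
! Traffic between two hosts inside 10.1.10.0/24 is bridged within the
! VLAN, never crosses interface Vlan10, and is not checked by VLAN10-IN.
!
! 2) VLAN access list (VACL), maintained separately. It applies to
!    packets in the VLAN whether they are bridged or routed.
!    In the ACL used by the map, "permit" means "match this traffic";
!    the access-map action decides what happens to the match.
ip access-list extended INTRA-VLAN10-SMB
 permit tcp 10.1.10.0 0.0.0.255 10.1.10.0 0.0.0.255 eq 445
!
vlan access-map VLAN10-MAP 10
 match ip address INTRA-VLAN10-SMB
 action drop
! Sequence without a match clause: forward everything else, so the
! map does not fall through to its implicit drop.
vlan access-map VLAN10-MAP 20
 action forward
!
vlan filter VLAN10-MAP vlan-list 10
```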

