Security Basics mailing list archives
RE: Access Lists on Layer-3 Switches
From: "Batkin, Seva" <Seva_Batkin () canaccord com>
Date: Mon, 16 Feb 2004 14:50:18 -0800
Normal access lists on layer 3 switches act the same as on routers except somewhat faster because the lookups are done in TCAM (on Cisco switches that is). The lists are applied the same way, i.e. as they enter or leave a router interface such as a VLAN or a routed port. The disadvantage is that they take up TCAM room which is shared for different purposes. In terms of security, once again normal access lists do not filter traffic within a VLAN. For that you have to use (on Cisco) special VLAN access lists which are separately maintained but also take up room in the TCAM. Thanx Seva -----Original Message----- From: tococomic () hushmail com [mailto:tococomic () hushmail com] Sent: February 16, 2004 10:53 AM To: security-basics () securityfocus com Subject: Access Lists on Layer-3 Switches -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Do you think that there is any significant drawback of using access lists on layer-3 switches in comparison with access lists on routers? Can you reach the same security (packet-filtering)with the switch solution (layer 3) or is a router for an internal network separation a must? -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.3 wkYEARECAAYFAkAxEXcACgkQHXIytGYYLEFGswCcD8UYACmH9Jk8Hz0RUOVhUvPExP8A njj4C56707LSL+AGM2Tylxin9cOe =U6hy -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ---------------------------------------------------------------------------- "Canaccord Capital Corporation <canaccord.com>" made the following annotations on 02/16/2004 02:50:28 PM ------------------------------------------------------------------------------ This message may contain confidential or privileged material. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this message in error, please immediately reply to the sender and delete this information from your computer. Thank you. ============================================================================== --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ----------------------------------------------------------------------------
Current thread:
- Access Lists on Layer-3 Switches tococomic (Feb 16)
- Re: Access Lists on Layer-3 Switches Raghu Chinthoju (Feb 17)
- <Possible follow-ups>
- RE: Access Lists on Layer-3 Switches Batkin, Seva (Feb 17)