ACL Update Procedures on the Gateway need to be minimally disruptive. Exposure time of having no ACL needs to be minimized.
Intro
Updating ACLs used for security on the edge of a network has two key requirements. First, updates need to be minimally disruptive to the operational environment. Second, updates need to minimize the exposure time during which no ACL is applied to the interface. To meet these requirements, network operators need to know the details of the load/update characteristics of ACLs on their products. These load/update characteristics may differ depending on the operating system, software version, product, and forwarding/feature ASIC used. Knowing the details allows a network operator to match their procedures to the operating characteristics of the platform's ACLs, achieving the desired objective of minimized exposure time and operational risk.
Monday, December 16, 2002
active (in the same direction) on a given interface; therefore, the old access list is removed when the new one is activated.
4. New Update. The next time you need to update the ACL, you edit ACL 150 via an off-line text editor, upload it, and activate it as specified in steps one through four above.
A change management procedure is strongly encouraged to track the active versus editable ACL. Use the Named ACL description command, as well as version numbers for each individual Named ACL via the remark command.
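As an added example (not part of the original document), a change-management check along these lines can report which ACL of an alternating pair is active on an interface, which is free to edit, and whether each carries a version remark. ACL 151 as the alternate of ACL 150, the interface name, and the "version N" remark convention are assumptions, and the configuration excerpt is constructed.

```python
import re

# Constructed running-config excerpt (not from the original document).
# ACL 151 as the alternate of ACL 150, the interface name and the
# "version N" remark convention are assumptions made for this example.
SAMPLE_CONFIG = """\
interface Serial0/0
 ip access-group 151 in
!
access-list 150 remark version 8 - ingress filter, staged
access-list 150 deny ip 10.0.0.0 0.255.255.255 any
access-list 150 permit ip any any
access-list 151 remark version 7 - ingress filter
access-list 151 deny ip 10.0.0.0 0.255.255.255 any
access-list 151 permit ip any any
"""


def acl_status(config, pair=("150", "151")):
    """Report which ACL of the pair is bound to an interface and which is editable."""
    bound = {}      # ACL id -> list of (interface, direction) bindings
    versions = {}   # ACL id -> version number taken from its remark line
    iface = None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.match(r"\s+ip access-group (\S+) (in|out)", line):
            bound.setdefault(m.group(1), []).append((iface, m.group(2)))
        elif m := re.match(r"access-list (\S+) remark version (\d+)", line):
            versions[m.group(1)] = int(m.group(2))
        elif not line.startswith(" "):
            iface = None  # left the interface block
    active = [a for a in pair if a in bound]
    editable = [a for a in pair if a not in bound]
    problems = []
    if len(active) != 1:
        # Zero active ACLs is the exposure window the procedure tries to minimize.
        problems.append(f"expected exactly one active ACL, found {active}")
    problems += [f"ACL {a} has no version remark" for a in pair if a not in versions]
    return {"active": active, "editable": editable, "bound": bound,
            "versions": versions, "problems": problems}


if __name__ == "__main__":
    print(acl_status(SAMPLE_CONFIG))
```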
Cisco Systems, Inc. 170 West Tasman Drive. San Jose, CA 95134-1706 Phone: +1 408 526-4000 Fax: +1 408 536-4100