• Tag : access-lists

 
 

IP Packet length matching in Ingress Security ACLs

Similar to L4 ports, ACL rules can be configured to filter ingress packets based on their IP length (present in the IPv4 header). The match criteria consist of lookups on the IP length field. The supported range operators are as follows: any – all lengths eq length1, length2 … lengthn – A list of lengths. Max list size of 10 numbers gt length – The set of lengths with numbers larger than the listed length lt length – The set of lengths with numbers smaller than the listed length range length1 length2 – The set of lengths whose numbers are...
Continue reading →

Restricting access to the switch

In this article we demonstrate how you can enable your Arista switch to restrict access to various network services. By default, Arista EOS implements a control-plane ACL to restrict the packets going to the CPU.  This is done for security purposes, but in its default configuration is very permissive.  As such, it is recommended that the sources which can access the switch be restricted using the methods described below. To view the default ACL issue the following command: Arista#sh ip access-lists default-control-plane-acl IP Access List default-control-plane-acl [readonly] statistics per-entry 10 permit icmp any any [match 4, 11 days, 20:46:23 ago]...
Continue reading →

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: