- Fast path switching in NAT/PAT is indicated by an asterisk in the output of the show ip nat translations command. The asterisk has nothing to do with NAT itself; it indicates how the traffic was switched: the initial packet asks for a port, and subsequent packets use that same port.
- access-group is used to apply ACLs to an interface; access-class is used to apply ACLs to lines.
- Dynamic access lists allow a router to create an ACL based on user credentials.
- Limit the number of telnet sessions in the line command, such as line vty 1 to limit to a single session.
- Static NAT entries allow connections from the outside and are always in the NAT table.
- Always pay attention to the source and destination in an ACL, especially where ports are concerned - do not limit based on source port, but rather on destination.
- Extended ACLs should be placed on the interface nearest the source, whereas standard ACLs should be placed nearest the destination.
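
The access-group/access-class and ACL placement notes above, shown as an added IOS configuration sketch. It is not from the original post; the interface names, ACL names and numbers, and addresses are constructed for illustration.

```cisco
! Constructed example: 192.168.10.0/24 is the client LAN (source),
! 10.20.30.0/24 is the server network (destination).
!
! Extended ACL: match on the DESTINATION port. Client source ports are
! ephemeral, so the commented-out line below would never match web requests.
ip access-list extended LAN-WEB-OUT
 ! weak:  permit tcp 192.168.10.0 0.0.0.255 eq 80 10.20.30.0 0.0.0.255
 permit tcp 192.168.10.0 0.0.0.255 10.20.30.0 0.0.0.255 eq 80
 deny   ip any any log
!
! Extended ACL goes on the interface nearest the source, inbound,
! so unwanted traffic is dropped before it is routed.
interface GigabitEthernet0/0
 description Client LAN (nearest the source)
 ip access-group LAN-WEB-OUT in
!
! Standard ACL: matches source address only, so it goes nearest the
! destination to avoid blocking that source from everything else.
access-list 20 permit 192.168.10.0 0.0.0.255
!
interface GigabitEthernet0/1
 description Server network (nearest the destination)
 ip access-group 20 out
!
! ACLs on lines use access-class, not access-group.
access-list 10 permit 192.168.10.0 0.0.0.255
!
line vty 0 4
 access-class 10 in
```
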
More thoughts as they arrive...