You will
not see this statement in your ACL, but it does exist.
??? Put your more-speci?¬?c ACL statements at the top of your ACLs??”if you have an ACL
statement blocking all UDP traf?¬?c, and then a second statement that permits SNMP,
the second statement will never be acted upon.
Router(config)#secure boot-image Enables IOS image
resilience and secures
the running image
Router(config)#secure boot-config Stores a secure copy of
the primary bootset in
persistent storage
Router(config)#exit Returns to privileged
EXEC mode
Router#show secure bootset Displays the status of
con?¬?guration resilience
and the primary bootset
?¬?lename
104 Using ACLs to Filter Network Traf?¬?c to Mitigate Threats
??? Unless you use sequence numbers in your ACL, new ACL statements will be appended
to the end of the ACL. Depending on the existing ACL statements, these new lines may
never be acted upon. If necessary, write your ACLs in Notepad or some other text
editor, verify them on paper ?¬?rst for proper syntax and order, and then cut-and-paste
them into your router con?¬?guration.
??? Router-generated packets are not subject to outbound ACL statements on the source
router. Use the extended ping utility and test your ACLs by using a different source
address.
Pages:
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97