Cisco 2503 Betriebsanweisung Seite 32
- Seite / 42
- Inhaltsverzeichnis
- LESEZEICHEN
Bewertet. / 5. Basierend auf Kundenbewertungen
32 Release Notes for Cisco 2500 Series for Cisco IOS Release 12.0 T
Important Notes
The following example shows a possible access list for a three-interface router, along with the
configuration commands needed to apply the list. The example assumes input filtering is not needed,
other than as a workaround for this problem:
! Deny all multicasts, and all unspecified-net broadcasts, to port 514
access-list 101 deny udp any 224.0.0.0 31.255.255.255 eq 514
! Deny old-style unspecified-net broadcasts
access-list 101 deny udp any host 0.0.0.0 eq 514
! Deny network-specific broadcasts. This example assumes that all of
! the local interfaces are on the class B network 172.16.0.0, subnetted
! everywhere with mask 255.255.255.0. This will differ from network
! to network. Note that we block both new-style and old-style broadcasts.
access-list 101 deny udp any 172.16.0.255 0.0.255.0 eq 514
access-list 101 deny udp any 172.16.0.0 0.0.255.0 eq 514
! Deny packets sent to the addresses of our own network interfaces.
access-list 101 deny udp any host 172.16.1.1 eq 514
access-list 101 deny udp any host 172.16.2.1 eq 514
access-list 101 deny udp any host 172.16.3.3 eq 514
! Permit all other traffic (default would be to deny)
access-list 101 permit ip any any
! Apply the access list to the input side of each interface
interface ethernet 0
ip address 172.16.1.1 255.255.255.0
ip access-group 101 in
interface ethernet 2
ip address 172.16.2.1 255.255.255.0
ip access-group 101 in
interface ethernet 3
ip address 172.16.3.3 255.255.255.0
ip access-group 101 in
Listing all possible addresses—especially all possible broadcast addresses—to which attack packets
may be sent is complicated. If you do not need to forward any legitimate syslog traffic received on
an interface, you can block all syslog traffic arriving on that interface. Remember that blocking will
affect traffic routed through the Cisco IOS device as well as traffic destined to the device; if the IOS
device is expected to forward syslog packets, you will have to do the detailed filtering. Because input
access lists impact system performance, install them with caution—especially on systems running
very near their capacity.
Software Versions and Fixes
Many Cisco software images have been or will be specially reissued to correct this vulnerability. For
example, regular released Cisco IOS version 12.0(2) is vulnerable, as are interim versions 12.0(2.1)
through 12.0(2.3). The first fixed interim version of Release12.0 mainline software is
Release12.0(2.4). However, a special release, 12.0(2a), contains only the fix for this vulnerability
and does not include any other bug fixes from later 12.0 interim releases.
If you are running Release 12.0(2) and want to fix this problem without risking possible instability
presented by installing the 12.0(2.4) interim release, you can upgrade to Release 12.0(2a). Release
12.0(2a) is a “code branch” from the Release 12.0(2) base, which will merge back into the
Release 12.0 mainline at Release 12.0(2.4).
Special releases, like 12.0(2a), are one-time, spot fixes, and they will not be maintained. Thus, the
upgrade path from Release 12.0(2a) is to Release 12.0(3).
Table 7 specifies information about affected and repaired software versions.
- Cisco IOS Release 12.0 T 1
- System Requirements 2
- LAN Interfaces 3
- WAN Data Rates 3
- WAN Interfaces 3
- WAN Optimization 10
- WAN Services 10
- Quality of Service 11
- Switching 11
- Connectivity 11
- IBM Support 11
- IP Routing 11
- Scalability 12
- Security 12
- Management 12
- New and Changed Information 14
- Important Notes 28
- Cisco IOS Syslog Failure 29
- • [email protected] 31
- Unaffected Releases 33
- Releases Based on 11.3 33
- Releases Based on 12.0 33
- Deprecated MIBs 34
- Related Documentation 35
- 12.0 Documentation Set 38
- Service and Support 39
- Cisco Connection Online 40
- Documentation CD-ROM 41
Verwandte Produkte und Handbücher für Vernetzung Cisco 2503
Vernetzung Cisco 3620 Bedienungsanleitung
(8 Seiten)
(8 Seiten)
Vernetzung Cisco E2500 Bedienungsanleitung
(27 Seiten)
(27 Seiten)
Vernetzung Cisco RV180 Bedienungsanleitung
(7 Seiten)
(7 Seiten)
Vernetzung Cisco CISCO2821 Spezifikationen
(31 Seiten)
(31 Seiten)
Vernetzung Cisco 7505 Bedienungsanleitung
(14 Seiten)
(14 Seiten)
Vernetzung Cisco uBR7225VXR Spezifikationen
(20 Seiten)
(20 Seiten)
Vernetzung Cisco PA-5EFL= Spezifikationen
(40 Seiten)
(40 Seiten)
(56 Seiten)
Vernetzung Cisco 7609 Spezifikationen
(572 Seiten)
(572 Seiten)
Kenwood MFJ-286 Handbücher
Bedienungsanleitungen und Benutzerhandbücher für Mikrofone Kenwood MFJ-286.
Wir stellen 1 PDF-Handbücher Kenwood MFJ-286 zum kostenlosen herunterladen nach Dokumenttypen zur Verfügung Bedienungsanleitung
Kommentare zu diesen Handbüchern