ACLs, important?

[InlineFive]

Hi all,

Recently I've been looking at various enterprise switches to see how they compare and lately have been comparing HP (good features, good price) versus Cisco (tons-o-features, higher price). They both look similiar except that most of the SMB HP switches don't support ACLs.

In my mind ACLs are a fundamental part of network security and control. But are they really worth the Cisco price premium if the network already uses 802.1X?

Thanks for advance.

I5

 

[Nothinman]

Depends on where you want to implement your security. AFAIK we didn't use any access lists on the switches at my last job although there was talk about using VACLs to secure one or two of the VLANs. In general the security was always implemented on the server, router or firewall. Of course we didn't have any 802.1X authentication setup either.

 

[cmetz]

InlineFive, also look at Extreme and SMC switches. You're looking at two overpriced vendors.

In my opinion, line-rate L4 ACLs in a managed switch are a mandatory feature now. Thank a certain commonly deployed but laughably insecure operating system, which occasionally picks up viruses that like to spew lots of traffic all around your LAN. I need a way to quickly cut that traffic off while letting that station have enough connectivity to get patched...

 

[InlineFive]

Thanks for the advice you guys. 🙂 I looked at the switches from Cisco, Foundry, Extreme and HP that support those features and they were all around the same price.

Regardless, it's good to know that ACLs are extremely important and that helps me a ton, thanks!

 

[spidey07]

Whenever I send out a request for proposal to cisco, foundry, extereme they all come in at the same price. So in general you get what you pay for.