Secure your PE VTYs!
use better ACLs to secure the VTYs
ip address 1.1.1.1 255.255.255.255
access-list 199 permit 10.255.255.5 0.0.0.0 1.1.1.1 0.0.0.0
access-list 199 permit 10.255.64.0 0.0.0.7 1.1.1.1 0.0.0.0
access-list 199 permit 211.33.0.0 0.0.7.255 1.1.1.1 0.0.0.0
access-list 199 permit 10.255.255.5 0.0.0.0 211.33.0.0 0.0.7.255
access-list 199 permit 10.255.64.0 0.0.0.7 211.33.0.0 0.0.7.255
access-list 199 permit 211.33.0.0 0.0.7.255 211.33.0.0 0.0.7.255
needs entries for BB interface addresses as telnet destination (hop-to-hop telnet)
- as BB interface addresses and loopback addresses are not reachablewithin the vrfs, this should be secure
- needs a nice IP addressing scheme (or a clever config generation tool)