Saturday, August 17, 2013

ACLs

One of the things people always think about when they add security ACLs is making sure that telnet or SSH still works. But if you are adding ACLs to act as a lightweight firewall, you may forget something like TACACS, which can be really nasty if you use command authorization; also don't forget logging, SNMP, TFTP and any other protocol you use to manage the box. If you happen to have a standard firewall rule set, use that; if you don't, create one. The net of this is: don't forget ALL the management protocols when you are adding ACLs. Alternatively, you can use an SVI that is not part of the address space you are protecting, or add a new SVI and change the default route so that management traffic bypasses your ACL. Just adding a new SVI does not help if the default route still points to the original SVI.
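As an added example (not from the post), a small Python lint that parses an IOS-style extended ACL and reports which of the management protocols named above (ssh, telnet, TACACS+, SNMP, syslog, TFTP) would fall through to the implicit deny. The ACL text and addresses are constructed, and the checker deliberately ignores source/destination addresses and the direction the ACL is applied in; it only answers whether a protocol was forgotten entirely.

```python
import re
# Protocol/port pairs the device must still be able to use (from the post).
MGMT_FLOWS = {
    "ssh": ("tcp", 22), "telnet": ("tcp", 23), "tacacs+": ("tcp", 49),
    "snmp": ("udp", 161), "syslog": ("udp", 514), "tftp": ("udp", 69),
}
# IOS accepts these well-known names (tacacs, snmp, ...) in place of numbers.
PORT_NAMES = {name.rstrip("+"): port for name, (_, port) in MGMT_FLOWS.items()}
ENTRY = re.compile(r"^\s*(?:\d+\s+)?(permit|deny)\s+(ip|tcp|udp)\s+(.+)$")

def parse_acl(text):
    """Return (action, protocol, {eq ports}) per entry; other lines are skipped.
    Assumption: addresses and the direction the ACL is applied in are ignored."""
    rules = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # 'ip access-list ...' header, remarks, blank lines
        action, proto, rest = m.groups()
        ports = {PORT_NAMES[p] if p in PORT_NAMES else int(p)
                 for p in re.findall(r"\beq\s+(\S+)", rest)}
        rules.append((action, proto, ports))
    return rules

def first_match(rules, proto, port):
    """IOS evaluates top-down; first match wins; implicit deny at the end."""
    for action, r_proto, r_ports in rules:
        if r_proto in ("ip", proto) and (not r_ports or port in r_ports):
            return action
    return "deny"

def missing_mgmt_protocols(acl_text):
    rules = parse_acl(acl_text)
    return sorted(name for name, (proto, port) in MGMT_FLOWS.items()
                  if first_match(rules, proto, port) != "permit")

# Constructed sample: the ACL that only made sure "telnet or ssh still works".
WEAK_ACL = """\
ip access-list extended MGMT-IN
 permit tcp 10.10.0.0 0.0.0.255 any eq 22
 permit tcp 10.10.0.0 0.0.0.255 any eq telnet
 deny ip any any log
"""
# Same ACL with TACACS+, SNMP, syslog and TFTP added before the final deny.
FULL_ACL = WEAK_ACL.replace(" deny ip any any log", """\
 permit tcp 10.10.0.0 0.0.0.255 any eq tacacs
 permit udp host 10.10.0.50 any eq snmp
 permit udp 10.10.0.0 0.0.0.255 any eq syslog
 permit udp 10.10.0.0 0.0.0.255 any eq tftp
 deny ip any any log""")
```

Run against the first ACL it reports snmp, syslog, tacacs+ and tftp as forgotten; against the second it reports nothing.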
