[nsp] L3 switch SVI ACLs

From: kevin graham (kgraham@dotnetdotcom.org)
Date: Wed May 08 2002 - 14:05:56 EDT


I just discovered the hard way that a SVI on the 4000/sup3 is a bit more
than a L3 interface. It (and a partner) handle switching for a pile of
vlans, and IP on just a few of those. I created an SVI on an internal
network for mgmt purposes and quickly slapped a lame ACL on it (permit
192.168/16 192.168/16).

To my surprise, it killed OSPF between some routers on that network, as it
was filtering out mcast traffic. While it makes sense that the ACL would
knock down mcast going in or out of the SVI from an L3 standpoint, I
certainly wasn't expecting it to kill it on the entire VLAN, since I
hadn't applied an ACL to a specific port....

Without any more established platforms to experiment left, I'm left to
speculate -- is this expected behavior, or are the ACLs on the SVI more
intrusive than they should be?

..kg..
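The L3 part of what happened above can be reproduced with a small ACL evaluator. This is an added example, not code from the post or from Cisco: it models an IOS-style access list as an ordered list of entries with an implicit deny at the end, and shows that an ACL whose only entry permits 192.168/16 to 192.168/16 never matches OSPF hellos, because their destination is the link-local multicast group 224.0.0.5 (or 224.0.0.6 for DR/BDR traffic), so the implicit deny drops them. The "fixed" list, the packet addresses and the protocol names are constructed for illustration; whether the filter should have reached the whole VLAN rather than only the SVI is the platform question the post raises, and this example does not model that.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str  # 'ospf', 'tcp', 'udp', 'icmp', ...


@dataclass(frozen=True)
class Ace:
    """One access-control entry: action, protocol, source net, destination net."""
    action: str  # 'permit' or 'deny'
    proto: str   # 'ip' matches every IP protocol; anything else matches only itself
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def ace(action, proto, src, dst):
    return Ace(action, proto, ipaddress.ip_network(src), ipaddress.ip_network(dst))


def evaluate(acl, pkt):
    """First matching entry wins; an IOS ACL ends with an implicit 'deny any any'."""
    s = ipaddress.ip_address(pkt.src)
    d = ipaddress.ip_address(pkt.dst)
    for e in acl:
        if e.proto not in ("ip", pkt.proto):
            continue
        if s in e.src and d in e.dst:
            return e.action
    return "deny"


# OSPF's link-local multicast groups: AllSPFRouters and AllDRouters.
OSPF_GROUPS = ("224.0.0.5", "224.0.0.6")


def ospf_multicast_denied(acl, router_src="192.168.10.2"):
    """Return the OSPF multicast destinations this ACL would drop for a router
    sourcing from router_src (a constructed address on the management VLAN)."""
    return [g for g in OSPF_GROUPS
            if evaluate(acl, Packet(router_src, g, "ospf")) == "deny"]


# The ACL from the post: permit 192.168/16 -> 192.168/16, everything else implicitly denied.
LAME_ACL = [ace("permit", "ip", "192.168.0.0/16", "192.168.0.0/16")]

# Assumed corrected list (not from the post): permit OSPF to its multicast groups
# explicitly, ahead of the site-local permit, so hellos and LSAs still match.
FIXED_ACL = [
    ace("permit", "ospf", "192.168.0.0/16", "224.0.0.5/32"),
    ace("permit", "ospf", "192.168.0.0/16", "224.0.0.6/32"),
    ace("permit", "ip", "192.168.0.0/16", "192.168.0.0/16"),
]

# Constructed sample traffic seen on the management VLAN.
OSPF_HELLO = Packet("192.168.10.2", "224.0.0.5", "ospf")
MGMT_SSH = Packet("192.168.10.5", "192.168.10.1", "tcp")
OUTSIDE_SSH = Packet("10.1.1.1", "192.168.10.1", "tcp")


if __name__ == "__main__":
    for name, acl in (("lame", LAME_ACL), ("fixed", FIXED_ACL)):
        print(f"{name}: hello={evaluate(acl, OSPF_HELLO)} "
              f"mgmt_ssh={evaluate(acl, MGMT_SSH)} "
              f"outside_ssh={evaluate(acl, OUTSIDE_SSH)} "
              f"ospf_groups_dropped={ospf_multicast_denied(acl)}")
```

Running it shows the original list dropping both OSPF groups while still permitting the intended management traffic, which is exactly the symptom described: unicast between 192.168/16 hosts keeps working, but adjacencies on that segment go down as soon as the filter is in the path. The check in `ospf_multicast_denied` is the kind of pre-deployment test worth running against any ACL destined for an interface that carries a routing protocol.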



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:11:56 EDT