[c-nsp] 6500 acl log & cpu hit
Tim Stevenson
tstevens at cisco.com
Tue Sep 16 09:10:16 EDT 2008
You should use ACL BRIDGED IN/OUT to control that rate:
mls rate unicast acl input|output
Tim
At 03:56 AM 9/16/2008, Phil Mayers observed:
>All,
>
>We've recently disabled OAL because we had to enable VACL capture.
>
>Without OAL, can I ensure a stray "log" ACL statement won't kill the
>box? Can I use one of the MLS rate limiters to throttle it?
>
>The obvious ones seem to be:
>
>ACL VACL LOG - set to "on, 2000pps"
>
>ICMP UNREAC. ACL-DROP - set to "on, 0pps" as OAL wanted this
>
>Or does ACL "log" traffic hit the CoPP limiters?
>_______________________________________________
>cisco-nsp mailing list cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
Tim Stevenson, tstevens at cisco.com
Routing & Switching CCIE #5561
Technical Marketing Engineer, Data Center BU
Cisco Systems, http://www.cisco.com
IP Phone: 408-526-6759
********************************************************
The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.
More information about the cisco-nsp
mailing list