[c-nsp] 2960S vlan ACL eating some L2 transit packets!?

Gert Doering gert at greenie.muc.de
Mon Jan 13 16:26:46 EST 2014


Hi,

On Mon, Jan 13, 2014 at 04:15:40PM -0500, MANISH wrote:
> when you have a statement something like
> " access-list 100 deny   ip any any log " actually what is happening all
> the packets that are getting denied are getting punted to CPU

Well, this is sort of missing the point, which is 

  "why are the packets denied?"

I know that logged packets are punted, but on a *L2 switch*, no transit(!)
packets should ever hit a vlan ACL (which others confirmed, thanks), so
the question "is logging good or bad" is somewhat moot.  

Actually it was quite good that logging was on, because otherwise we would 
have seen "some packet drops" with no hint where it was happening...

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de