[nsp] 7600 and ACLs
Vicky O. Mair
vickyr@socal.rr.com
Tue, 5 Nov 2002 20:33:35 -0800
hi,
i understand there are a number of variables involved here but just for
argument's sake can you cut and paste the acl to another box running in
similar mode or in hybrid mode (lab setup will be great provided you have
any cold standby). if possible, can you afford to undo the acl and
re-apply them in order to shake the tcam.
/vicky
-----Original Message-----
From: cisco-nsp-admin@puck.nether.net
[mailto:cisco-nsp-admin@puck.nether.net]On Behalf Of Ash Garg
Sent: Tuesday, November 05, 2002 6:45 PM
To: Vicky O. Mair; cisco-nsp@puck.nether.net
Subject: RE: [nsp] 7600 and ACLs
yeah... that's what currently allows all the packets to be processed
properly. Somewhere their hardware implementation seems to be broken :-(
Removing the log gives very weird results...
Ash
\\\|||///
\\ ^ ^ //
( 6 6 )
-----------------------------------------oOOo-(_)-oOOo---
Ash Garg 5/490 Northbourne Ave
Network Specialist DICKSON 2602
Internet Network Development
Telstra
Email: Ash.Garg@telstra.net
BH: +612 6208 1994
Mob: 0408 687 642
Fax: +612 6248 6165
The best way to publicize a governmental or political
action is to attempt to hide it. -Mark B. Cohen
----------------------------------------------------------
-----Original Message-----
From: Vicky O. Mair [mailto:vickyr@socal.rr.com]
Sent: Wednesday, 6 November 2002 1:31 PM
To: ash@telstra.net; cisco-nsp@puck.nether.net
Subject: RE: [nsp] 7600 and ACLs
hi,
hmm....not sure if 'established' keyword is needed in your case but
something to be aware of (which i'm sure you are) is that the 'log' keyword
will drop the packets in process switching mode.
/vicky
-----Original Message-----
From: cisco-nsp-admin@puck.nether.net
[mailto:cisco-nsp-admin@puck.nether.net]On Behalf Of Ash Garg
Sent: Tuesday, November 05, 2002 2:22 PM
To: cisco-nsp@puck.nether.net
Subject: [nsp] 7600 and ACLs
Has anyone had problems with acls applied to vlan interfaces on a 7600
running Native IOS? We have tried two different IOSs: 12.1(8b)e9 &
12.1(11b)e7 with little difference.
The problem we notice is that TCP SYN packets aren't passed thru without the
use of the "log" key word. When you put in the log keyword, the packets pass
thru the interface without a problem...
Ash
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/