[[nsp] ACLs]
Sean Donelan
sean at donelan.com
Fri Feb 28 14:37:41 EST 2003
On Fri, 28 Feb 2003, Florian Weimer wrote:
> If you do this, there is a time window during which the router
> forwards more packets than it should.
>
> Has anybody found an approach which avoids this effect?
Automated products create a second temporary access list, switch
the ip access-group on the interface to the temporary access list, modify
the original access list, switch the access-group back, and delete the
second temporary access list.
If you absolutely, positively can't risk even the smallest timing window,
I suppose you can always shut down the interface while making changes.
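
The sequence described in the reply above, as an added example that is not part of the original post or of any vendor tool: a Python script that emits the IOS commands for the temporary-list swap and replays them against a toy model to check that the interface is never bound to a missing or half-entered list. The interface name, ACL numbers 101 and 102, the rule text, the choice to load the new entries into the temporary list, and the in-place plan used for comparison are assumptions.

```python
# Added example. All names, numbers and rules below are constructed sample values.
OLD = ["permit tcp any host 192.0.2.10 eq 80", "deny ip any any"]
NEW = ["permit tcp any host 192.0.2.10 eq 443", "deny ip any any"]

def _build(acl, rules):
    return [f"access-list {acl} {r}" for r in rules]

def _bind(iface, acl, direction):
    return [f"interface {iface}", f" ip access-group {acl} {direction}", " exit"]

def in_place_plan(acl, new_rules):
    """Assumed baseline: remove and re-enter the list while it stays bound."""
    return [f"no access-list {acl}"] + _build(acl, new_rules)

def swap_plan(iface, acl, tmp, new_rules, direction="in"):
    """Ordered IOS config lines for the temporary-ACL swap."""
    return (_build(tmp, new_rules)             # 1. create the temporary list in full
            + _bind(iface, tmp, direction)     # 2. point the interface at it
            + [f"no access-list {acl}"]        # 3. modify the original while unbound
            + _build(acl, new_rules)
            + _bind(iface, acl, direction)     # 4. switch the access-group back
            + [f"no access-list {tmp}"])       # 5. delete the temporary list

def replay(plan, acls, bound, complete_sets):
    """Replay a plan line by line against a toy model of the router config.

    Returns (step, command) for every step after which the bound list is
    missing or only partly entered; the model treats that as the window.
    """
    acls = {name: list(rules) for name, rules in acls.items()}
    exposed = []
    for step, line in enumerate(plan):
        w = line.split()
        if w[0] == "no":                        # no access-list N
            acls.pop(w[2], None)
        elif w[0] == "access-list":             # access-list N <rule>
            acls.setdefault(w[1], []).append(" ".join(w[2:]))
        elif w[:2] == ["ip", "access-group"]:   # ip access-group N in|out
            bound = w[2]
        if acls.get(bound) not in complete_sets:
            exposed.append((step, line.strip()))
    return exposed

if __name__ == "__main__":
    for name, plan in (("in-place", in_place_plan("101", NEW)),
                       ("swap", swap_plan("Serial0", "101", "102", NEW))):
        print(name, replay(plan, {"101": OLD}, "101", [OLD, NEW]))
```
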