[nsp] ip verify unicast not logging in ACL
Daniel Roesen
dr at cluenet.de
Wed Nov 12 08:25:53 EST 2003
On Wed, Nov 12, 2003 at 12:58:27PM -0000, Sam Stickland wrote:
> Oh forgot to ask, what's the difference between a drop and suppressed drop?
drop == packet got dropped
suppressed drop == packet got permitted in fail-filter ACL
And yes, I've also run into the "no logging" bug. Cisco claims this
is a "feature":
"The log ACL option is not supported if used in conjunction with uRPF,
bug ID: cscdz05440, this bug is to fix the documentation. This is why
your ACL is not showing any matches."
"It seems the ACL logging is fixed by bug cscdz05443. I am currently
confirming this and will let you know."
Never heard that wether it was actually fixed as "works now" or as
in "documentation changed that logging is unsupported". Bug is not
visible, so can't check.
And for your other problem:
There is also another bug for uRPF, cscdz05443. You may come across this
as your IOS contains this bug."
Regarding wether 12.0S is affected too:
"12.0S was not listed as affected as it was not tested by the Engineer
that opened the bug. 12.0ST is 12.0S with features added, so you will
come across the same bugs if running the same features as available int
12.0ST.
I wonder what "All affected versions" button is good for then... :-(
Best regards,
Daniel
More information about the cisco-nsp
mailing list