[nsp] ip verify unicast not logging in ACL

Daniel Roesen dr at cluenet.de
Wed Nov 12 08:25:53 EST 2003

On Wed, Nov 12, 2003 at 12:58:27PM -0000, Sam Stickland wrote:
> Oh forgot to ask, what's the difference between a drop and suppressed drop?

drop == packet got dropped
suppressed drop == packet got permitted in fail-filter ACL

And yes, I've also run into the "no logging" bug. Cisco claims this
is a "feature":

 "The log ACL option is not supported if used in conjunction with uRPF,
 bug ID: cscdz05440, this bug is to fix the documentation. This is why
 your ACL is not showing any matches."
 "It seems the ACL logging is fixed by bug cscdz05443. I am currently
 confirming this and will let you know."

Never heard that wether it was actually fixed as "works now" or as
in "documentation changed that logging is unsupported". Bug is not
visible, so can't check.

And for your other problem:

 There is also another bug for uRPF, cscdz05443. You may come across this
 as your IOS contains this bug."

Regarding wether 12.0S is affected too:

 "12.0S was not listed as affected as it was not tested by the Engineer
 that opened the bug. 12.0ST is 12.0S with features added, so you will
 come across the same bugs if running the same features as available int

I wonder what "All affected versions" button is good for then... :-(

Best regards,

More information about the cisco-nsp mailing list