[nsp] ip verify unicast not logging in ACL

Daniel Roesen dr at cluenet.de
Wed Nov 12 09:39:03 EST 2003


On Wed, Nov 12, 2003 at 02:56:48PM +0100, Tomas Daniska wrote:
> hey deeae-aergh :)

dhie-tschaj!

> acl 'log' line gets the packet out of cef. and - iirc - urpf is a cef
> feature. that's why "it's not a bug"

Well, if you can CONFIGURE it (without a warning in the log or something
like that) and it DOESN'T WORK, then it's IMNSHO a bug. They could make
the fail-ACL punt to-be-logged packets to the CPU, like for many other
features.

> did they manage to make acl logging be cef-supported within this ddts or
> is it an urpf-specific solution?

No idea, the bugID is not visible.


Best regards,
Daniel


More information about the cisco-nsp mailing list