[nsp] Cat3750G, IP ACL filtering
jlewis at lewis.org
Sat Mar 6 16:55:56 EST 2004
On Sat, 6 Mar 2004 sthaug at nethelp.no wrote:
> The experience from 3550 is that ACL counters do *not* work. You need
> to check the actual traffic (with a sniffer, a software router where
> counters *do* work, or similar) to see if the ACL is blocking what you
> want it to block.
Argh...I ran into this just a few days ago. I tried numbered and named IP
extended ACLs on a 3550 [port running in no switchport mode], and the
counters would occasionally increment a little...but I knew there was way
more traffic going through the port than the ACL suggested. I was going
to post to ask if it was a known bug.
----------------------------------------------------------------------
Jon Lewis *jlewis at lewis.org*| I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the cisco-nsp
mailing list