[c-nsp] inbound ACL
Tim Stevenson
tstevens at cisco.com
Tue Feb 7 10:27:15 EST 2006
The only thing I can think of like this is for multicast, using the
mls ip multicast stub command, which programs the tcam to allow local
sources on the subnet to source multicast traffic while dropping all
other multicast to prevent high CPU due to non-RPF traffic. There are
other ways to deal w/this in more recent hardware though (this is an
issue in sup1 systems, and to a lesser degree on sup2 systems).
If you are thinking of something else, not sure what it could be...
Tim
At 06:59 AM 2/7/2006, Alban Dani submitted:
>Hi there,
>
>I have heard anecdotally that in the Cisco 6500 running native IOS you can
>run a command that will imitate
>an "allow" statement on an ACL applied inbound on an interface for the ip
>address assigned to that interface.
>
>i.e. if you have Vlan 21 and the ip address 1.2.1.1 255.255.255.0 then by
>running this command you would implicitly
>create something that would substitute "access-list 199 permit ip 1.2.1.0
>0.0.0.255 any".
>
>I hope I am making sense.
>
>thanks
>
>Alban
Tim Stevenson, tstevens at cisco.com
Routing & Switching CCIE #5561
Technical Marketing Engineer, Catalyst 6500
Cisco Systems, http://www.cisco.com
IP Phone: 408-526-6759
********************************************************
The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.