[c-nsp] inbound ACl

Tim Stevenson tstevens at cisco.com
Tue Feb 7 10:27:15 EST 2006

The only thing I can think of like this is for multicast, using the 
mls ip multicast stub command, which programs the tcam to allow local 
sources on the subnet to source multicast traffic while dropping all 
other multicast to prevent high CPU due to non-RPF traffic. There are 
other ways to deal w/this in more recent hardware though (this is an 
issue in sup1 systems, and to a lesser degree on sup2 systems).

If you are thinking of something else, not sure what it could be...


At 06:59 AM 2/7/2006, Alban Dani submitted:
>Hi there,
>I have heard anecdotaly that in the Cisco 6500 running native IOS you can
>run a command that will imitate
>an "allow" statement on an ACL applied inbound on an interface for the ip
>address assigned to that interface.
>ie if you have Vlan 21 and the  ip address then by
>running this command you would implicitly
>create something that would substitute "access-list 199 permit ip
> any".
>I hope I am making sense.
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>archive at http://puck.nether.net/pipermail/cisco-nsp/

Tim Stevenson, tstevens at cisco.com
Routing & Switching CCIE #5561
Technical Marketing Engineer, Catalyst 6500
Cisco Systems, http://www.cisco.com
IP Phone: 408-526-6759
The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.

More information about the cisco-nsp mailing list