[c-nsp] Problems with ip flows and ACLs

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Wed Feb 8 03:52:26 EST 2006 

Florian,

you are right, this is explained in CSCdm70194 (FLOW: ACLs have a
delayed effect on pkts belonging to active flows), pls check this DDTS'
release notes. 
The problem is "resolved" in recent 12.0S/12.2S/12.3T (and thus 12.4)
with ACL enhancements no longer requiring this form of acceleration.

	oli

Florian Prester <> wrote on Wednesday, February 08, 2006 8:59 AM:

> Hi,
> 
> I know applying to an interface activates an ACL, but in this case
> already established connections remain open, new initialized get
> blocked. After terminating the established connection and reconnect
> within 30 seconds (timeout for inactive netflows) the connections
> reopens again. 
> 
> After the timeout of 30 seconds the connections gets blocked if
> reinitiated. 
> 
> So I think it is about the netflow, and my question is how to reset
> those established netflow-connections-informations.
> 
> Thanks
> Florian
> 
> 
> 
>> Please ask your question again and make it more clear.
>> 
>> To make an ACL active you just apply it to the interface.
>> It doesn't have anything to do with "ip route-cache flow".
>> 
>> That is for collecting netflow stat's "sh ip cache flow".
>> 
>> Rodney
>> 
>> On Tue, Feb 07, 2006 at 08:10:16PM +0100, Florian Prester wrote:
>>> Hi,
>>> 
>>> if I use ip flows, how can I interrupt those, e.g. to make ACLs
>>> active on that interface? 
>>> 
>>> my HW:
>>> IOS (tm) RSP Software (RSP-JO3SV-M), Version 12.2(17a), RELEASE
>>> SOFTWARE (fc1) 
>>> 
>>> configureation:
>>> interface ATM 4/0
>>>     ip route-cache flow
>>> ...
>>> 
>>> 
>>> Thanks
>>> Florian
>>> 
>>> --
>>> Dipl. Inf. Florian Prester
>>> Network Administration
>>> Regionales RechenZentrum Erlangen
>>> Universitaet Erlangen-Nuernberg
>>> Martensstr. 1
>>> 91052 Erlangen
>>> Germany
>>> 
>>> Tel.: +499131 8527813
>>> 
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> 
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list