[c-nsp] Problems with ip flows and ACLs
Gert Doering
gert at greenie.muc.de
Wed Feb 8 04:58:38 EST 2006
Hi,
On Wed, Feb 08, 2006 at 08:58:58AM +0100, Florian Prester wrote:
> I know applying to an interface activates an ACL, but in this case
> already established connections remain open, newly initialized ones get blocked.
> After terminating the established connection and reconnecting within 30
> seconds (timeout for inactive netflows) the connection reopens again.
>
> After the timeout of 30 seconds the connection gets blocked if reinitiated.
>
> So I think it is about the netflow, and my question is how to reset those
> established netflow connection information.
What IOS version are you using, and on what hardware platform? This sounds
like very old code, that is actually using netflow as forwarding path, and
not only for accounting.
In any case, removing "ip route-cache flow" from the (ingress) interface
should disable the flow path...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de