[c-nsp] acl to block traffic one way
Roland Dobbins
rdobbins at cisco.com
Sat Mar 24 22:42:41 EST 2007
On Mar 24, 2007, at 8:35 PM, Roland Dobbins wrote:
> My $.02, FWIW.
Also, when you copy an ACL over to the device, the first line in the
file should be 'no ip access-list foo', so that your newly-updated
ACL completely replaces the older one.
And if you really need to do ACL logging (NetFlow is often a better
alternative, where/when possible), be sure you understand the CPU
impact of the logging and make use of the logging rate-limiter
commands so as to reduce the CPU impact.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice
Words that come from a machine have no soul.
-- Duong Van Ngo
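A pre-push check for the two points in the message above, as an added example that is not part of the original post: it verifies that an ACL file starts by removing the old ACL and lists the entries that carry logging. The sample files, the function name `lint_acl_file` and the finding codes are constructed for illustration; the regexes assume IOS named-ACL syntax and also accept the post's shorthand `no ip access-list foo`.

```python
import re

# Constructed sample files (not from the original post); the name "foo" follows the post.
GOOD = """\
no ip access-list extended foo
ip access-list extended foo
 permit tcp any any established
 deny ip any 192.0.2.0 0.0.0.255 log
 permit ip any any
"""
BAD = """\
ip access-list extended foo
 deny ip any 192.0.2.0 0.0.0.255 log
 permit ip any any
"""

# Assumption: IOS named-ACL syntax; the type keyword is optional so the
# post's shorthand 'no ip access-list foo' is recognised as well.
NO_RE = re.compile(r"^no ip access-list (?:(?:standard|extended) )?(\S+)$")
DEF_RE = re.compile(r"^ip access-list (?:standard|extended) (\S+)$")


def is_logged_ace(line):
    """True for a permit/deny entry (optionally sequence-numbered) with log or log-input."""
    tokens = line.split()
    if tokens[0].isdigit():
        tokens = tokens[1:]
    return bool(tokens) and tokens[0] in ("permit", "deny") \
        and bool({"log", "log-input"} & set(tokens[1:]))


def lint_acl_file(text):
    """Return (code, detail) findings for an ACL file about to be copied to a device."""
    lines = [l.strip() for l in text.splitlines()
             if l.strip() and not l.strip().startswith("!")]
    findings = []
    defined = [m.group(1) for m in map(DEF_RE.match, lines) if m]
    first = NO_RE.match(lines[0]) if lines else None
    if first is None:
        findings.append(("no-replace", "first line does not remove the old ACL; "
                         "new entries would be merged into it"))
    elif defined and first.group(1) != defined[0]:
        findings.append(("name-mismatch",
                         f"removes {first.group(1)!r} but defines {defined[0]!r}"))
    # Logged entries cost CPU; list each one so the rate-limit settings get reviewed.
    findings.extend(("logging", l) for l in lines if is_logged_ace(l))
    return findings


if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_acl_file(sample))
```

A `logging` finding is not an error by itself; it marks the entries whose CPU cost and rate limiting should be reviewed before the file is copied over.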