[c-nsp] 6500 snmp and vty acls ?
Phil Mayers
p.mayers at imperial.ac.uk
Thu Aug 14 03:16:40 EDT 2008
On Wed, Aug 13, 2008 at 04:17:21PM -0400, Jeff Fitzwater wrote:
>Does anyone know if VTY and snmp ACLs are implemented in hardware or
>software on a 6500 with 720-CXL running 12.2(33)SXH.
VTY and SNMP ACLs are done in software; they have to be, because they
reference certain CPU conditions e.g. consider:
  line vty 0 12
   access-class NET_OPS in
  line vty 13 15
   access-class REALLY_VITAL in
...where you reserve VTYs 13-15 for really important stuff; clearly the
CPU will have to be asked how many VTYs are open to make this work.
Ditto with SNMP community strings - you might have 2 communities with
mutually exclusive ACLs, and one needs to decode the SNMP header and
extract the community before processing the ACL.
>
>I am trying to understand COPP and move away from the VTY and SNMP ACLs.
CoPP is done in hardware if everything is working correctly, though a
2nd pass of the ACLs can be performed in software to ensure that for a
rate limit of N you don't get N*M pps - M being the number of DFC/PFC
forwarding engines.
>
>Thanks for any info.
>
>
>Jeff Fitzwater
>OIT Network Systems
>Princeton University
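
Added example (not part of the original message, and not Cisco's implementation): a toy model of the N*M effect described in the reply above. It assumes each of the M forwarding engines polices its own ingress traffic at N pps with an independent token bucket, and that the optional software second pass is a single N pps policer in front of the CPU; all names and traffic figures are constructed for illustration.

```python
# Added illustration: a toy model, not Cisco's implementation.
class Policer:
    """Integer token bucket: `rate` packets/s, burst of `burst` packets."""

    def __init__(self, rate, burst, ticks_per_sec):
        self.rate = rate
        self.cost = ticks_per_sec          # tokens consumed by one packet
        self.cap = burst * ticks_per_sec   # bucket depth
        self.tokens = self.cap
        self.last = 0

    def allow(self, tick):
        # Refill for the elapsed ticks, capped at the bucket depth.
        self.tokens = min(self.cap, self.tokens + (tick - self.last) * self.rate)
        self.last = tick
        if self.tokens >= self.cost:
            self.tokens -= self.cost
            return True
        return False


def cpu_pps(n, m, offered_per_engine, seconds=10, software_pass=False):
    """Average packets/s reaching the CPU.

    n: configured CoPP rate limit (pps); m: number of forwarding engines,
    each policing its own ingress traffic at n independently (assumption).
    """
    tps = offered_per_engine               # one packet per engine per tick
    hardware = [Policer(n, 1, tps) for _ in range(m)]
    software = Policer(n, 1, tps)          # single aggregate policer on the CPU
    delivered = 0
    for tick in range(1, seconds * tps + 1):
        for engine in hardware:
            if not engine.allow(tick):
                continue                   # dropped in hardware
            if software_pass and not software.allow(tick):
                continue                   # dropped by the second pass
            delivered += 1
    return delivered / seconds


if __name__ == "__main__":
    # Constructed scenario: N = 100 pps limit, 1000 pps offered per engine.
    for m in (1, 2, 4):
        print(m, cpu_pps(100, m, 1000), cpu_pps(100, m, 1000, software_pass=True))
```

In this model the CPU load scales with the number of engines that see matching traffic unless the software pass is enabled, so a CoPP rate should be chosen with the worst case of N*M in mind.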