[c-nsp] 6500 snmp and vty acls ?

Todd, Douglas M. DTODD at PARTNERS.ORG
Mon Aug 25 10:20:22 EDT 2008


Just some thoughts:

I believe the the acls are hardware based in with the pfc3 (I don't believe that
the software version makes this difference), but I do believe they are hardware
based unless you add things like logging. 

This may help you with the pfc3
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/product_data_sh
eet09186a0080159856.html 

COPP has software and hardware based queues.  The hardware queue does not come
into play until you add mls qos.  Once you do this you will see the hardware and
software counters.  I believe that the two are considered separate policers, but
you define one policy-map->class-map. We have seen traffic being dropped (tcp
and ipx) when we have the default-queue policer set to low, just an fyi.

There are quite a few good examples on the net from Cisco and from good users on
this group.


Douglas


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Brian Turnbow
Sent: Monday, August 25, 2008 9:00 AM
To: Jeff Fitzwater; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] 6500 snmp and vty acls ?

COPP is done in hardware
ACL on VTY/SNMP is software as far as I remember 

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jeff Fitzwater
Sent: mercoledì 13 agosto 2008 22.17
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] 6500 snmp and vty acls ?

Does anyone know if VTY and snmp ACLs are implemented in hardware or software on
a 6500 with 720-CXL running 12.2(33)SXH.

I am trying to understand COPP and move away from the VTY and SNMP ACLs.

Thanks for any info.


Jeff Fitzwater
OIT Network Systems
Princeton University




_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

No virus found in this incoming message.
Checked by AVG - http://www.avg.com
Version: 8.0.138 / Virus Database: 270.6.7/1632 - Release Date: 8/25/2008 7:05
AM

The information transmitted in this electronic communication is intended only
for the person or entity to whom it is addressed and may contain confidential
and/or privileged material. Any review, retransmission, dissemination or other
use of or taking of any action in reliance upon this information by persons or
entities other than the intended recipient is prohibited. If you received this
information in error, please contact the Compliance HelpLine at 800-856-1983 and
properly dispose of this information.





More information about the cisco-nsp mailing list