[c-nsp] Strange message on the console

Arie Vayner (avayner) avayner at cisco.com
Sun May 18 02:25:49 EDT 2008


Ross,

This is a bug caused by some HW limitation. What the message says is
the packets RECEIVED on a specific VLAN, and which are destined to the
local router (like in your case), and in case rate-limiting for this
traffic is enabled - then this traffic would hit the OUTPUT ACL
configured on the same VLAN - which is basically wrong... 

Hope you see the issue now.

The workaround would be simple - make the ACLs permit the traffic...

This issue is not there on the newer 3C/3CXL based SUPs.

Arie 

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ross Vandegrift
Sent: Sunday, May 18, 2008 08:57 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Strange message on the console

Hi everyone,

I was messing around with rate-limiting ARP resolution on a 6500
SUP720-3bxl.  After entering "mls rate-limit unicast cef glean 250 50",
IOS printed this message on the console:

%Packets requiring ARP resolution will be subject to the output ACLs of
the input VLAN

Uhhhh, duh?  I would hope that traffic would always be subject to the
input VLAN's output ACL, since that would be how one would expect ACLs
to work - ie, that they actually do something....  I can't imagine that
this means to imply that output ACLs only work when glean rate-limiting
is enabled.

Google finds nothing on this message - anyone have any info on this
curious bit?


--
Ross Vandegrift
ross at kallisti.us

"The good Christian should beware of mathematicians, and all those who
make empty prophecies. The danger already exists that the mathematicians
have made a covenant with the devil to darken the spirit and to confine
man in the bonds of Hell."
	--St. Augustine, De Genesi ad Litteram, Book II, xviii, 37

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

