[c-nsp] NPE G1, CEF and ACLs and high CPU
Rodney Dunn
rodunn at cisco.com
Fri Sep 5 08:07:24 EDT 2008
But make sure you do:
config t
int null 0
no ip unreachables
The ACL drops are, last I checked, rate limit punts.
If it's high CPU at IP Input really need 12.4(20)T and get
a sniffer trace in the punt path to see what traffic it really is.
Rodney
On Thu, Sep 04, 2008 at 03:46:23PM -0400, Stephen Kratzer wrote:
> On Thursday 04 September 2008 15:12:12 Mateusz B??aszczyk wrote:
> > 2008/9/4 Stephen Kratzer :
> > > The 'log' keyword will cause matching packets to not be CEF switched.
> >
> > nope, log is not present.
> >
> > > Also, if
> > > you're denying a lot of traffic from a certain source, you might want to
> > > just bit-bucket it rather than sending ICMP responses.
> >
> > you mean - "no ip unreachables"?
>
> You could match the access list in a route map and set the outbound interface
> to Null0.
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list