[c-nsp] Weird ACL behaviour
Marco Matarazzo
marmata at gmail.com
Thu Jun 17 09:17:41 EDT 2010
Hi all,
I'm facing a strange behaviour on an ACL and just wanted to know if someone has
encountered a similar issue. Here are the facts:
I'm using a Cisco 6509 on SXI2, and I've set up NetFlow to collect and send
traffic to a collector. The collector is on my management network. The
relevant configs:
[...snip...]
mls netflow interface
mls flow ip interface-full
mls nde sender
[... some interfaces have ip flow ingress configured...]
interface FastEthernet3/48
 description Management Network
 ip address 10.16.x.y 255.255.255.0
 ip access-group Management out
 no ip proxy-arp
ip flow-export source FastEthernet3/48
ip flow-export version 9 origin-as
ip flow-export destination 10.16.x.z 9995
ip access-list extended Management
 deny ip any any
With this configuration in place the collector only receives flows generated
by CPU switch traffic. All the traffic generated by the mls nde sender
command does get blocked by the ACL. As soon as I remove the ACL the traffic
flows fine. I was under the assumption that traffic generated by the router
was not affected by the ACLs, and in fact all the rest of the traffic is
fine... Maybe I'm catching a bug here, or is it written somewhere that
packets created by the mls get blocked by ACLs?
Cheers,
]\/[arco
--
I'm Winston Wolf, I solve problems.