[c-nsp] Weird ACL behaviour

Marco Matarazzo marmata at gmail.com
Thu Jun 17 11:15:19 EDT 2010


On Thu, Jun 17, 2010 at 4:29 PM, Benjamin Lovell <belovell at cisco.com> wrote:

> The code path for MLS netflow versus software netflow is not the same. For
> MLS netflow the export records are created by the DFC/PFC so it's not
> surprising that they act differently than "locally generated" traffic.
>

I'm not surprised that the flows are created by different 'entities' inside
the 6500. Another piece of evidence is the fact that MLS records are created
with a source port different from the software-created records.
I just found it unexpected that this 'entity' was considered external from the
point of view of the ACL. Once you know it, I can punch a hole in the ACL,
but I wanted to be sure this is expected and not actually a bug of some sort
(in the software or in the documentation! ;)

Thanks!
]\/[arco
-- 
I'm Winston Wolf, I solve problems.

