[c-nsp] Weird ACL behaviour

Rodney Dunn rodunn at cisco.com
Thu Jun 17 11:52:32 EDT 2010


If it is an inconsistency in implementation between the software and 
hardware generated records it should be clearly articulated as a gotcha 
in the configuration guide. Ben is checking on both parts for us.

Rodney



On 6/17/10 11:15 AM, Marco Matarazzo wrote:
> On Thu, Jun 17, 2010 at 4:29 PM, Benjamin Lovell<belovell at cisco.com>  wrote:
>
>> The code path for MLS netflow versus software netflow is not the same. For
>> MLS netflow the export records are created by the DFC/PFC so it's not
>> surprising that they act differently than "locally generated" traffic.
>>
>
> I'm not surprised that the flows are created by different 'entities' inside
> the 6500. Further evidence is the fact that MLS records are created with a
> source port different than the software-created records.
> I just found it unexpected that this 'entity' was considered external from the
> point of view of the ACL. Once you know it, I can punch a hole in the ACL,
> but I wanted to be sure this is expected and not actually a bug of some sort
> (in the software or in the documentation! ;)
>
> Thanks!
> ]\/[arco

