[c-nsp] CoPP for SSH on nexus 7k. Confused!
Lincoln Dale
ltd at cisco.com
Wed Oct 20 21:40:54 EDT 2010
On 21/10/2010, at 12:05 PM, Shanawaz wrote:
> If my testing doesnot make sense, I can try explaining again.
your tests make perfect sense and just reiterate what i said up front. a 'deny' won't do what you think it does.
net-net:
1. use a 'permit' ACL to match the traffic you want, set a policy of 'transmit' with whatever rate you want.
2. use a 'permit' ACL to match the traffic you want to block, set a policy of 'drop'.
i.e. ALL CoPP ACLs end up being 'permit', never 'deny'.
think of it like a QoS ACL, it behaves the same way.
cheers,
lincoln.
>
> Regards.
> Shanawaz
>
More information about the cisco-nsp
mailing list