[c-nsp] CoPP for SSH on nexus 7k. Confused!
Shanawaz
shanawaz at gmail.com
Thu Oct 21 00:08:37 EDT 2010
Point taken. The moral of the story is 'don't put a deny statement in your
CoPP ACLs'
Thanks a lot for the replies.
On Thu, Oct 21, 2010 at 12:40 PM, Lincoln Dale <ltd at cisco.com> wrote:
> On 21/10/2010, at 12:05 PM, Shanawaz wrote:
> > If my testing does not make sense, I can try explaining again.
>
> your tests make perfect sense and just reiterate what i said up front. a
> 'deny' won't do what you think it does.
>
> net-net:
> 1. use a 'permit' ACL to match the traffic you want, set a policy of
> 'transmit' with whatever rate you want.
> 2. use a 'permit' ACL to match the traffic you want to block, set a policy
> of 'drop'.
>
> i.e. ALL CoPP ACLs end up being 'permit', never 'deny'.
>
> think of it like a QoS ACL, it behaves the same way.
>
>
> cheers,
>
> lincoln.
>
> >
> > Regards.
> > Shanawaz
> >
>
>
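
The two rules from Lincoln's reply, sketched as NX-OS configuration. This is an added example, not part of the thread: the ACL, class-map and policy-map names, the 192.0.2.0/24 management prefix and the police rates are all assumptions.

```text
! Constructed example: names, prefix and rates are assumptions, not from the thread.

! Rule 1: a 'permit' ACL matches the SSH traffic you want to accept.
ip access-list copp-acl-ssh-mgmt
  permit tcp 192.0.2.0/24 any eq 22

! Rule 2: a 'permit' ACL also matches the SSH traffic you want to block.
! There is no 'deny' entry in either ACL.
ip access-list copp-acl-ssh-other
  permit tcp any any eq 22

class-map type control-plane match-any copp-class-ssh-mgmt
  match access-group name copp-acl-ssh-mgmt

class-map type control-plane match-any copp-class-ssh-other
  match access-group name copp-acl-ssh-other

! The class decides what happens to the traffic, not the ACL action.
! The management class is listed first so its traffic is classified
! before the catch-all SSH class.
policy-map type control-plane copp-policy-example
  ! Wanted traffic: transmit up to the chosen rate.
  class copp-class-ssh-mgmt
    police cir 1000 kbps bc 250 ms conform transmit violate drop
  ! Unwanted traffic: drop whether or not it conforms.
  class copp-class-ssh-other
    police cir 32 kbps bc 250 ms conform drop violate drop

control-plane
  service-policy input copp-policy-example
```

On a production switch these two classes would be added to the existing CoPP policy rather than replacing it, so that the other control-plane classes stay in place.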