On 04/08/2011 09:34 PM, Brandon Ewing wrote: > > It's possible the router is trying to reassemble the fragments to compare > them to the ACL -- someone with more experience on the 6500 platform's ACL The 6500 doesn't do that, I am pretty sure.