[c-nsp] VLAN Interfaces and ACLs on a 7600....am I losing my mind?
John Neiberger
jneiberger at gmail.com
Wed Jul 11 17:32:10 EDT 2012
I opened up a TAC case on this and they immediately knew what the
problem was. We have "platform ip features sequential" configured
because of the way we use DSCP. However, that causes incoming packets
to be recirculated through whatever processes it runs them through,
which has the side effect of running them through the SVI. Since the
SVI has an ACL, that ACL applies to all L2 traffic on the VLAN if we
have "platform ip features sequential" configured. I removed it for
testing and everything immediately began to work. The solution is to
add a permit statement for traffic staying with the VLAN.
Thanks for everyone's help!
John
More information about the cisco-nsp
mailing list