[c-nsp] sup720 ICMP redirects "once per second"
Phil Mayers
p.mayers at imperial.ac.uk
Mon Feb 11 13:15:24 EST 2013
On 11/02/13 18:07, Phil Mayers wrote:
> As you say, I *assume* the punts are subject to CoPP, but who knows?
In fact, a bit of fiddling with the CoPP config suggests not; I wrote a
specific acl/class-pol/polmap entry to match the packets generating the
redirects, and the "matched" HW counters aren't incrementing, suggesting
the packets are *not* being processed by CoPP.
At this point I might open a TAC case, because if that's the case, this
is bad (and potentially not very secure...)
More information about the cisco-nsp
mailing list