[c-nsp] Equivalent of "ip multicast boundary" on N7k for blocking data packets?
Dobbins, Roland
rdobbins at arbor.net
Wed Jun 5 07:50:17 EDT 2013
On Jun 4, 2013, at 4:54 AM, Phil Mayers wrote:
> including that you don't need to write both ingress and egress ACLs. Though I suppose the latter are more flexible.
Egress ACLs are generally considered to be a Bad Thing, as they allow potentially undesirable packets past the port/linecard ASICs before dropping them on egress.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
More information about the cisco-nsp
mailing list