[c-nsp] nexus logging L3 ACL and mac source ?

Gert Doering gert at greenie.muc.de
Fri Jun 28 04:51:51 EDT 2013


Hi,

On Thu, Jun 27, 2013 at 10:54:32PM +0100, Tóth András wrote:
> The MAC address of the packet will not be visible in the ACL logs. You can
> see the port where the logged packet was received, then you can check the
> learnt MACs on the port to narrow it down.

Is this a hardware limitation on the N7K, or "just not implemented yet"?

The assumption that "if you know the IP address and the ingress interface,
you can see from the ARP table where it came from" is deeply flawed for
a number of reasons - the most easily understood is "the packet might come 
from behind another router", so you need the MAC address of the previous-hop 
router to backtrack stuff.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de