[c-nsp] nexus logging L3 ACL and mac source ?

Tóth András diosbejgli at gmail.com
Fri Jun 28 05:58:50 EDT 2013


Manually looking at the MAC/ARP table is not flawed much more than relying
on ACL logging to print out the MAC because if it comes through a router,
both will display the router MAC anyway.

Andras



On Fri, Jun 28, 2013 at 9:51 AM, Gert Doering <gert at greenie.muc.de> wrote:

> Hi,
>
> On Thu, Jun 27, 2013 at 10:54:32PM +0100, Tóth András wrote:
> > The MAC address of the packet will not be visible in the ACL logs. You can
> > see the port where the logged packet was received, then you can check the
> > learnt MACs on the port to narrow it down.
>
> Is this a hardware limitation on the N7K, or "just not implemented yet"?
>
> The assumption that "if you know the IP address and the ingress interface,
> you can see from the ARP table where it came from" is deeply flawed for
> a number of reasons - the most easily understood is "the packet might come
> from behind another router", so you need the MAC address of the previous-hop
> router to backtrack stuff.
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!              //www.muc.de/~gert/
> Gert Doering - Munich, Germany
> gert at greenie.muc.de
> fax: +49-89-35655025
> gert at net.informatik.tu-muenchen.de
>

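The correlation the thread describes (take the source IP and ingress interface from the ACL log line, then look at what is learnt on that port, and treat a router MAC on that port as "backtrack via the previous hop") is easy to get wrong by hand. The script below is an added example, not code from either poster or from Cisco. The ACL log line format, the MAC/ARP table contents and the list of known router MACs are all constructed for the example; the log layout is modelled on NX-OS %ACLLOG-5-ACLLOG_FLOW_INTERVAL messages but should be checked against your own syslog before relying on the regex.

```python
import re
from typing import Optional

# Constructed NX-OS style ACL log lines (assumption: layout modelled on
# %ACLLOG-5-ACLLOG_FLOW_INTERVAL, not copied from a real device).
ACL_LOG = """\
2013 Jun 28 09:50:01 n7k %ACLLOG-5-ACLLOG_FLOW_INTERVAL: Src IP: 10.1.1.25, Dst IP: 192.0.2.10, Src Port: 0, Dst Port: 0, Src Intf: Ethernet1/1, Protocol: "ICMP"(1), Hit-count = 3
2013 Jun 28 09:50:02 n7k %ACLLOG-5-ACLLOG_FLOW_INTERVAL: Src IP: 172.16.5.7, Dst IP: 192.0.2.10, Src Port: 41022, Dst Port: 22, Src Intf: Ethernet1/2, Protocol: "TCP"(6), Hit-count = 1
"""

# Constructed 'show mac address-table' rows: (vlan, mac, port).
MAC_TABLE = [
    (10, "0011.2233.4455", "Ethernet1/1"),
    (10, "0011.2233.4466", "Ethernet1/1"),
    (20, "0022.aabb.ccdd", "Ethernet1/2"),
]

# Constructed 'show ip arp' entries. 172.16.5.7 is deliberately absent:
# it is not on a directly attached subnet, so the N7K has no ARP entry for it.
ARP_TABLE = {
    "10.1.1.25": "0011.2233.4455",
}

# MACs of the L3 neighbours (other routers) attached to this switch; constructed.
ROUTER_MACS = {"0022.aabb.ccdd"}

LOG_RE = re.compile(r"Src IP: (?P<ip>[\d.]+), .*?Src Intf: (?P<intf>\S+?),")


def parse_acl_log(line: str) -> Optional[dict]:
    """Pull source IP and ingress interface out of one ACL log line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return {"src_ip": m.group("ip"), "intf": m.group("intf")}


def macs_on_port(intf: str) -> set:
    """All MACs the switch has learnt on the given port."""
    return {mac for _, mac, port in MAC_TABLE if port == intf}


def trace_source(line: str) -> Optional[dict]:
    """Narrow an ACL log hit down to a MAC, or say why that is not possible.

    Verdicts:
      direct        ARP maps the source IP to a MAC learnt on the ingress port.
      behind-router no ARP entry, but a known router MAC sits on the port:
                    the frame carried that router's MAC, so backtrack there.
      single-host   exactly one MAC on the port, none of them a router.
      ambiguous     several non-router MACs on the port; the ACL log alone
                    cannot tell them apart.
    None of this proves anything if the source IP is spoofed; it only says
    which L2 neighbour handed the switch the packet.
    """
    hdr = parse_acl_log(line)
    if hdr is None:
        return None
    ip, intf = hdr["src_ip"], hdr["intf"]
    learnt = macs_on_port(intf)
    routers_here = learnt & ROUTER_MACS
    result = {"src_ip": ip, "intf": intf, "candidates": sorted(learnt)}

    arp_mac = ARP_TABLE.get(ip)
    if arp_mac and arp_mac in learnt:
        result.update(verdict="direct", mac=arp_mac)
    elif routers_here:
        # Only name the router if it is the single router on that port.
        mac = next(iter(routers_here)) if len(routers_here) == 1 else None
        result.update(verdict="behind-router", mac=mac)
    elif len(learnt) == 1:
        result.update(verdict="single-host", mac=next(iter(learnt)))
    else:
        result.update(verdict="ambiguous", mac=None)
    return result


if __name__ == "__main__":
    for log_line in ACL_LOG.splitlines():
        print(trace_source(log_line))
```

For the second constructed line the script reports "behind-router" with the neighbour router's MAC, which is exactly the case Gert raises: the MAC you would have wanted in the log is the previous-hop router's, and the next step is that router's own tables, not this switch's.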
