[c-nsp] nexus logging L3 ACL and mac source ?
Phil Mayers
p.mayers at imperial.ac.uk
Fri Jun 28 06:43:12 EDT 2013
On 28/06/13 10:58, Tóth András wrote:
> Manually looking at the MAC/ARP table is not flawed much more than relying
> on ACL logging to print out the MAC because if it comes through a router,
> both will display the router MAC anyway.
Routing is *not* symmetric, and interfaces can have >1 router at the
other end. Hence, source MAC is valuable.
This is to say nothing of source-spoofed traffic from directly attached
layer2.
So yes, in fact, logging is superior to looking at the MAC/ARP table.