[c-nsp] Drop rule at the end of CoPP conflicts with MAC learning
Saku Ytti
saku at ytti.fi
Fri Jun 28 09:22:16 EDT 2013
On (2013-06-28 15:05 +0200), "Rolf Hanßen" wrote:

> no egress ACL.
> On the box I tested there is no ACL bound to any interface at all, only
> some in copp classes and one for the line vty.

Do you have 'class-default' configured?

I have penultimate rule 'CoPP-IP' which drops, like yours, everything
matching to 'ip any any' ACL.
After that I have class-default, where I permit (I need it at least for
ISIS). If not configured, it's permit as well.

I also have:

mls rate-limit unicast cef glean 200 50
mls qos protocol ARP police 2000000 62000

And no ARP issues (beware if you're switching also that the ARP police
affects transit ARP also)
--
++ytti