[c-nsp] C6K, SUP720, 15.1SY, uRPF with ACL, CoPP

Tim Durack tdurack at gmail.com
Wed Oct 2 13:32:42 EDT 2013


Appears to have stopped working. Once CoPP is enabled, I no longer see
"CEF-Drop-Suppress: Packet from <IP> via Vlan824 -- ACL check" debug
messages.


On Wed, Oct 2, 2013 at 1:27 PM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:

> On 02/10/13 18:20, Tim Durack wrote:
>
>> C6K, SUP720 (mix of 3B, 3BXL, 3C, 3CXL), running 15.1SY.
>>
>> We have enabled uRPF with ACL exceptions to support DHCP relay (plus mls
>> ip
>> cef rpf hw-enable-rpf-acl). This works as expected.
>>
>> If we enable CoPP, the ACL exceptions for uRPF stop working. I can't find
>> a
>> good explanation for this, and TAC isn't very helpful on the subject.
>>
>
> Stop working, or hit the CoPP policy?
> ______________________________**_________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/**mailman/listinfo/cisco-nsp<https://puck.nether.net/mailman/listinfo/cisco-nsp>
> archive at http://puck.nether.net/**pipermail/cisco-nsp/<http://puck.nether.net/pipermail/cisco-nsp/>
>



-- 
Tim:>


More information about the cisco-nsp mailing list