[c-nsp] 2960S vlan ACL eating some L2 transit packets!?
Phil Mayers
p.mayers at imperial.ac.uk
Mon Jan 13 17:15:30 EST 2014
On 13/01/2014 21:03, Gert Doering wrote:
> Hi,
>
> On Mon, Jan 13, 2014 at 02:59:31PM -0500, Chuck Church wrote:
>> Is there a bug that is setting the Ethernet broadcast bit accidentally
>> internally?
>
> Well, I had the assumption that it could be flooded packets due to
> missing MAC table entries, but since I've seen the same IP address
> logged both as source and destination, I'm fairly sure there is no
> flooding going on...

Unless there's some sort of loop, MAC flapping or similar, and these are
punting for learning/logging reasons? Does "log-input" work on that ACL?

You're absolutely right that an SVI access-group should not hit L2
transit traffic on these devices by "design", AFAICT. So it's either a
bug, or something odd happening with the traffic - I wonder if there's a
way to get the L2 header, or do an ELAM-equivalent on 2960?