[c-nsp] 2960S vlan ACL eating some L2 transit packets!?
Mark Tinka
mark.tinka at seacom.mu
Tue Jan 14 03:52:36 EST 2014
On Monday, January 13, 2014 11:03:22 PM Gert Doering wrote:
> Well, I had the assumption that it could be flooded
> packets due to missing MAC table entries, but since I've
> seen the same IP address logged both as source and
> destination, I'm fairly sure there is no flooding going
> on...

I have seen this issue before, where an ME3600X acting as a
pure Layer 2 switch had VLAN ACLs to protect the control
plane, but traffic (specifically 10/8 traffic which was
MPLS-switched by adjacent routers) was being dropped by the
switch when the ACL had 10/8 included.

Removing the 10/8 ACE or removing the ACL entirely fixed the
issue.

Traffic between the switch and adjacent router was Layer 2,
so it came as a surprise when the switch was acting on the
payload in the Ethernet frames, using an ACL that was
attached to an SVI used for management.

I recall opening a case with Cisco, but I left that company
and never did quite follow up.

Mark.