[c-nsp] access rule question

Meyers, Eric D emeyers at utk.edu
Thu Oct 30 11:08:00 EDT 2014


The hardware replacement went rather swimmingly and does appear to have
resolved our issue(s).  The RSP synchronized to the active RSP.  We did
have to perform a couple of FPD/FPGA updates not the 100Gbps card; this
went without issue.   Can you verify that you have received the RMA¹d
hardware?

EM

On 10/30/14, 9:06 AM, "Deric Kwok" <deric.kwok2000 at gmail.com> wrote:

>Hi
>
>I configure the access rule to put it in access-group in interface
>to prevent to use our network to attack outside
>
>I can see the "matches" in access-list
>
>Extended IP access list attack
>    30 deny udp any eq 1910 any eq 123 (124061 matches)
>    500 permit ip any any (615041 matches)
>
>
>but when I add new rule and unbind the old access-group in interface and
>bind the new access-group
>
>Why don't have any matching in the access-list
>
>Extended IP access list attack2
>    40 deny udp any eq 1910 any
>    500 permit ip any any
>
>In addition, what is different between
>
>ip access-group attack2 in
>and
>ip access-group attack2 out
>
>Thank you
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/




More information about the cisco-nsp mailing list