[c-nsp] access rule question
Meyers, Eric D
emeyers at utk.edu
Thu Oct 30 11:08:00 EDT 2014
The hardware replacement went rather swimmingly and does appear to have
resolved our issue(s). The RSP synchronized to the active RSP. We did
have to perform a couple of FPD/FPGA updates not the 100Gbps card; this
went without issue. Can you verify that you have received the RMA¹d
hardware?
EM
On 10/30/14, 9:06 AM, "Deric Kwok" <deric.kwok2000 at gmail.com> wrote:
>Hi
>
>I configure the access rule to put it in access-group in interface
>to prevent to use our network to attack outside
>
>I can see the "matches" in access-list
>
>Extended IP access list attack
> 30 deny udp any eq 1910 any eq 123 (124061 matches)
> 500 permit ip any any (615041 matches)
>
>
>but when I add new rule and unbind the old access-group in interface and
>bind the new access-group
>
>Why don't have any matching in the access-list
>
>Extended IP access list attack2
> 40 deny udp any eq 1910 any
> 500 permit ip any any
>
>In addition, what is different between
>
>ip access-group attack2 in
>and
>ip access-group attack2 out
>
>Thank you
>_______________________________________________
>cisco-nsp mailing list cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list