[c-nsp] Sup2T and sampled netflow with inbound ACL on SVI
Jiri Prochazka
jiri.prochazka at superhosting.cz
Thu Feb 5 07:21:49 EST 2015
Hi,
I'd like to use sampled netflow and inbound L3 ACL together on SVI on
Cat7600/Sup2T platform and I am having no luck getting this super-basic
thing done.
As soon as those two functions are being enabled, inbound traffic gets
switched in software.
As soon as I do not use either sampled netflow or inbound acl,
everything works as expected.
But the combination of those two results in traffic being switched in software.
Config ->

interface Vlan998
 description SVI-of-Vlan998
 ip address 192.168.1.1 255.255.255.252
 ip access-group acl_deny_in in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow monitor MONITOR-NETWORK-IN sampler SAMPLER input

%FMCORE-4-RACL_REDUCED: Interface Vlan998 routed traffic will be
software switched in ingress direction.
L2 features may not be applied at the interface

When I remove either 'ip access-group acl_deny_in in' or 'ip flow
monitor MONITOR-NETWORK-IN sampler SAMPLER input' I get a notification
about traffic being switched in hardware. When I use unsampled netflow,
it works too.
%FMCORE-6-RACL_ENABLED: Interface Vlan998 routed traffic is hardware
switched in ingress direction
The very same setup on L3 interface itself is working absolutely OK.
What am I missing?
Thanks!
Jiri