From: James Ventre (messageboard@ventrefamily.com)
Date: Fri Jul 21 2006 - 15:02:57 ART
"Situations and Features That Trigger Traffic to Go to Software"
http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a00804916e0.shtml#processing
*Access control entries (ACEs) that require logging, with the log keyword
This applies to ACL log and VLAN ACL (VACL) log features. ACEs in the
same ACL that do not require logging still process in hardware. The
Supervisor Engine 720 with PFC3 supports the rate limit of packets that
are redirected to the MSFC for ACL and VACL logging. The Supervisor
Engine 2 supports the rate limit of packets that are redirected to the
MSFC for VACL logging. Support for ACL logging on the Supervisor Engine
2 is scheduled for the Cisco IOS Software Release 12.2S branch.
James
Duncan Maccubbin wrote:
> While it was a sup2, it was running 12.2(18)SXF. Not sure if that has an impact.
>
> -----Original Message-----
>> From: James Ventre <messageboard@ventrefamily.com>
>> Sent: Jul 21, 2006 1:22 PM
>> To: Duncan Maccubbin <duncan.maccubbin@earthlink.net>
>> Cc: ccielab@groupstudy.com
>> Subject: Re: CEF Switching and ACL logging
>>
>> On a 6500, with older code and older PFC's, the LOG did a punt to the
>> MSFC - which has it's own CEF table.
>>
>> James
>>
>>
>>
>> Duncan Maccubbin wrote:
>>> I had a 6500 that stopped passing traffic through a VLAN. I put a permit ip any any log on it to see if the traffic was passing through the firewall and getting to the switch. At that point the switch started passing traffic. If I took the ACL off it would stop. Turns out it had a corrupt CEF traffic and putting the any any log on it bypassed the CEF table.
>>>
>>> It did not, disable CEF on the entire switch though.
>>>
>>> -----Original Message-----
>>>> From: Colm O'Leary <Colm.O'Leary@anpost.ie>
>>>> Sent: Jul 21, 2006 11:22 AM
>>>> To: ccielab@groupstudy.com
>>>> Subject: CEF Switching and ACL logging
>>>>
>>>> Hello,
>>>> I have enabled ACL logging on an inbound ACL applied to one of my
>>>> routers interfaces. The router also has cef switching enabled. According
>>>> to CCO, with ACL logging enabled, cef switching will be disabled for the
>>>> router. From my observations, cef is still working, and the access-list
>>>> is still logging. Can anyone shed any light on this for me. I am using a
>>>> 3825 with 12.4 code.
>>>>
>>>> Thanks,
>>>>
>>>> Colm
>>>>
>>>> *****************************************************************************
>>>> ****
>>>> This e-mail and its attachments, is confidential and is intended for the
>>>> addressee(s) only. If you are not the intended recipient, disclosure,
>>>> distribution or any action taken in reliance on it is prohibited and may be
>>>> unlawful. Please note that any information expressed in this message or its
>>>> attachments is not given or endorsed by An Post unless otherwise indicated by
>>>> an authorised representative independently of this message. An Post does not
>>>> accept responsibility for the contents of this message and although it has
>>>> been scanned for viruses An Post will not accept responsibility for any damage
>>>> caused as a result of a virus being passed on.
>>>> *****************************************************************************
>>>> ****
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Aug 01 2006 - 07:13:48 ART