Wow...
I have no experience with this, but sounds interesting and kind of a trap.
I am using netflow and have never paid attention to interface info.
Only to L3/L4 source/destination and size mostly. But if denied traffic
is exposed, I guess I'm counting it as valid :( Unless the collector has
this knowledge embedded.
Nice to know though.
-Carlos
Tom Kacprzynski @ 31/05/2012 00:54 -0300 dixit:
> Hello,
> I was reading the ACL configuration guide and came upon this paragraph:
>
> "Packets matching an entry in an ACL with a log option are process
> switched. It is not recommended to use the log option on ACLs, but rather
> use NetFlow export and match on a destination interface of Null0. This is
> done in the CEF path. The destination interface of Null0 is set for any
> packet that is dropped by the ACL. "
>
> http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/12-4t/sec-access-list-ov.html#GUID-97E3F195-6145-4D3C-A7F2-DE718D3D2204
>
>
> Does anyone have experience configuring matching denied ACLs on null0? I
> wasn't able to configure netflow on null0.
>
> Thank you,
>
> Tom
-- Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina
Received on Thu May 31 2012 - 08:43:39 ART
This archive was generated by hypermail 2.2.0 : Sun Jun 17 2012 - 09:04:20 ART
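
Added example (not part of the original thread or of Cisco's documentation): a collector-side check for the concern raised in the reply, separating forwarded bytes from ACL-dropped bytes so denied traffic is not counted as valid. It assumes NetFlow v5 export and that the exporter reports Null0 as output ifIndex 0; the function names and the sample datagram are constructed for illustration.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record
NULL_IFINDEX = 0  # assumption: exporter reports Null0 as output ifIndex 0


def parse_v5(datagram):
    """Yield one dict per flow record in a NetFlow v5 export datagram."""
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5: version %d" % version)
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated datagram")
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        yield {
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "in_if": f[3], "out_if": f[4], "packets": f[5], "octets": f[6],
            "sport": f[9], "dport": f[10], "proto": f[13],
        }


def split_octets(datagram):
    """Return (forwarded_octets, dropped_octets, dropped_flows)."""
    forwarded = dropped = 0
    dropped_flows = []
    for flow in parse_v5(datagram):
        if flow["out_if"] == NULL_IFINDEX:   # dropped in the CEF path
            dropped += flow["octets"]
            dropped_flows.append(flow)
        else:
            forwarded += flow["octets"]
    return forwarded, dropped, dropped_flows


def make_record(src, dst, out_if, octets, dport):
    """Build a constructed v5 record (TCP, input ifIndex 1) for the sample."""
    return RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0" * 4,
                       1, out_if, 10, octets, 0, 0, 40000, dport,
                       0, 0, 6, 0, 0, 0, 0, 0, 0)


# Constructed sample: one forwarded flow and one flow denied by an ACL.
SAMPLE = (HEADER.pack(5, 2, 0, 0, 0, 0, 0, 0, 0)
          + make_record("192.0.2.10", "198.51.100.5", 2, 1500, 443)
          + make_record("203.0.113.7", "198.51.100.5", NULL_IFINDEX, 600, 23))

if __name__ == "__main__":
    print(split_octets(SAMPLE))
```

Verify the ifIndex the exporter actually uses for Null0 (for example against its SNMP interface table) before relying on the constant in a real collector.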