RST-3508
9805_05_2004_c2
RST-3508
9805_05_2004_c2
© 2004 Cisco Systems, Inc. All rights reserved. Printed in USA.
Presentation_ID.scr
ACL Main Issues
High CPU
•
Misbehaving ACLs
•
© 2004 Cisco Systems, Inc. All rights reserved.
ACL...High CPU
Denied traffic in an input/output RACL
•
This is rate controlled starting in IOS 12.1.13 EW(1)
No effect on counter accuracy
Do not need "no ip unreachables" option with above release or
higher
ACEs requiring logging ("log" keyword)
•
This is rate controlled starting in IOS 12.1.13 EW(1)
No effect on counter accuracy
Match on TCP flags other than "established"
•
Policy-routed traffic (SW switched for "set ip df"...ingress
•
packet size is greater than egress port MTU)
TCAM full due to excessive L4 ops expansion
•
© 2004 Cisco Systems, Inc. All rights reserved.
87
87
87
88
88
88