Netflow bug on 3-GE cards (Trident) in Cisco GSRs
Andrew C. Ohnstad
andrewo at gblx.net
Mon Jul 23 14:20:27 UTC 2001

On Sat, Jul 21, 2001 at 09:37:36AM +0200, Mikael Abrahamsson wrote:
>
> On Fri, 20 Jul 2001, Dani Roisman wrote:
>
> > Turns out you can only run netflow on the first port of a 3-GigE port
> > on the current S-tract software rev. If you have been struggling with
> > this as well, I'm eager to hear about it off-list.
>
> In 12.0.15S you cannot use access-lists on subinterface on the 3GE either.
> Wonder if that's a software bug too, or hardware limitation (like the MTU
> difference on the 3GE compared to the 1GE).

Actually Cisco has never supported ACLs on Engine 0 or Engine 1 cards in
the GSR. Used to be that you could apply those ACLs, but they were
implemented by the router very erratically. Cisco finally removed the
ability to apply ACLs to an ineligible interface because the TAC was tired
of telling people "it's not supported, even though it's there."

Best wait another 6 months for the Engine 2 10xGIGE card which will
support ACLs, or change to/add something from the 7xxx platform.

Down-revving the router isn't really an option, like I said, because the ACLs
never really worked right anyway. I don't remember the exact details (I
can get them if anyone wants) but I believe it did something like
arbitrarily testing random packets with random rules, whereas some
packets would get thru without being checked at all.
--
=-=andrewo