On Wed, Aug 13, 2008 at 04:17:21PM -0400, Jeff Fitzwater wrote:
> Does anyone know if VTY and SNMP ACLs are implemented in hardware or
> software on a 6500 with 720-CXL running 12.2(33)SXH?

VTY and SNMP ACLs are done in software; they have to be, because they
reference certain CPU conditions, e.g. consider:

    line vty 0 12
     access-class NET_OPS in
    line vty 13 15
     access-class REALLY_VITAL in

...where you reserve VTYs 13-15 for really important stuff; clearly the
CPU will have to be asked how many VTYs are open to make this work.
Ditto with SNMP community strings - you might have 2 communities with
mutually exclusive ACLs, and one needs to decode the SNMP header and
extract the community before processing the ACL.

> I am trying to understand COPP and move away from the VTY and SNMP ACLs.

CoPP is done in hardware if everything is working correctly, though a
2nd pass of the ACLs can be performed in software to ensure that for a
rate limit of N you don't get N*M pps - M being the number of DFC/PFC
forwarding engines.

> Thanks for any info.
>
> Jeff Fitzwater
> OIT Network Systems
> Princeton University
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
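
The N*M effect described in the reply above, as an added Python model that is not part of the original post: each of M forwarding engines polices to the same limit independently, and an optional aggregate software pass brings the total back to N. The names `Policer` and `packets_reaching_cpu`, the token-bucket model with a one-packet burst, and the traffic figures are assumptions constructed for illustration.

```python
"""Constructed model: per-engine hardware policing, then one software pass."""

COST = 1_000_000  # one packet, in millionths of a token (keeps the maths exact)


class Policer:
    """Token bucket: `rate` packets per second, `burst` packets deep."""

    def __init__(self, rate, burst=1):
        self.rate, self.cap = rate, burst * COST
        self.tokens, self.last = self.cap, 0

    def conform(self, now_us):
        # Refill for the elapsed microseconds, capped at the burst size.
        self.tokens = min(self.cap, self.tokens + (now_us - self.last) * self.rate)
        self.last = now_us
        if self.tokens >= COST:
            self.tokens -= COST
            return True
        return False


def packets_reaching_cpu(offered_pps, limit_pps, seconds=10, software_pass=False):
    """offered_pps: offered load per forwarding engine (one entry per PFC/DFC).

    Returns the number of packets punted to the CPU after policing.
    """
    hardware = [Policer(limit_pps) for _ in offered_pps]  # one policer per engine
    software = Policer(limit_pps)                         # single aggregate policer
    # One time-ordered arrival stream, each packet tagged with its ingress engine.
    arrivals = sorted(
        (k * 1_000_000 // pps, engine)
        for engine, pps in enumerate(offered_pps)
        for k in range(1, pps * seconds + 1)
    )
    delivered = 0
    for now_us, engine in arrivals:
        if not hardware[engine].conform(now_us):
            continue  # dropped in hardware on the ingress engine
        if software_pass and not software.conform(now_us):
            continue  # dropped by the aggregate second pass
        delivered += 1
    return delivered


if __name__ == "__main__":
    flood = [1000, 1000, 1000]  # constructed: 3 engines, each offered 1000 pps
    print("hardware only:", packets_reaching_cpu(flood, 100))
    print("with software pass:", packets_reaching_cpu(flood, 100, software_pass=True))
```

N*M is an upper bound rather than a fixed result: an engine offered less than the limit contributes only what it receives, so the aggregate seen by the CPU depends on how the traffic is spread across ingress engines.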