Are you sure this is actually fixed? When entering the command:
mls rate-limit unicast cef glean 5000 250 I get: 12.2(18)SXF14 and 12.2(33)SXI3: The following is sent the console only, but not logged: %Packets requiring ARP resolution will be subject to the output ACLs of the input VLAN 12.2(33)SRD3: The following is logged: *Mar 27 07:08:50 EDT: %MLS_RATE-4-ENABLING_FIB_GLEAN_RECEIVE: Packets requiring ARP resolution will be subject to the output ACLs of the input VLAN Seems to be an expected message: http://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi?action=search&index=all&locale=en&query=MLS_RATE-4-ENABLING_FIB_GLEAN_RECEIVE&counter=0&paging=5&links=reference&sa=Submit Previous messages from Sukumar in the Feb 2007 timeframe seemed to imply this was an issue with the PFC3B and could be fixed with the PFC3C. Thanks Chris On Mar 25, 2010, at 4:20 PM, Rodney Dunn wrote: > > > On 3/25/10 1:42 PM, Tim Durack wrote: >> On Thu, Mar 25, 2010 at 12:22 PM, Rodney Dunn<[email protected]> wrote: >>> Yep...that's it: >>> >>> Release-note >>> ============ >>> >>> When a packet is destined to an next hop that doesn't already >>> have an ARP entry, the packet needs to be punted from the hardware >>> datapath up to the CPU. When the glean adjacency rate-limiter is >>> enabled, the egress security ACL (and egress QoS) of the ingress >>> interface is applied on these punted packets. >>> >>> The current workaround is to either relax the egress security ACLs >>> of ports facing PCs/servers (ports facing only routers are not a >>> problem since routing protocols guarantee that ARP entries always >>> exist for routers), or disable the glean adjacency rate-limiter. >> >> But it's fixed, right? > > Yes. I didn't realize how long it had been so my memory isn't totally gone > yet. ;) > > Rodney > > >> >> CSCed75920 says: >> >> Fixed-In >> 12.2(17d)SXB1 >> 12.2(18)SXD >> >> (I really want to police all ip at the end of my CoPP policy, and the >> mls glean rate-limiter appears to allow me to do that.) >> > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Chris Griffin [email protected] Sr. Network Engineer - CCNP Phone: (352) 273-1051 CNS - Network Services Fax: (352) 392-9440 University of Florida/FLR Gainesville, FL 32611 _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
