From: Andrew Moriarty (amgroupstudy@hotmail.com)
Date: Tue Jul 27 2004 - 18:03:35 GMT-3
Hey group:
I've got a 7206 with two fasteternet interfaces. Both are running 802.1Q
trunking, on multiple subinterfaces. cef is enabled.
I want to drop differernt traffic on different subinterfaces. Some of the
traffic is identified by access-list, some by protocol type. These were
combined in a service policy that was using the "police" commmand, and
setting the conform/exceed/violate action to "drop" , within the class
When combined with cef this blew the router up. Complete hang. I did some
research and discovered that these don't appear to work together, so I need
a work around. I believe that my options are:
1. Don't use CEF on those interfaces.
2. Rather than the "police" option in the service policy for that class,
just "drop" with that class command.
3. Use an extended access-list to control inbound traffic and ignore the
service policy completely.
I'm concerned about what turning off cef will do- how much of a performance
issue will I have?
I think the "drop" option is a good one, but will it stil blow up my router?
Access-lists seem a bit clunky, and I'm not sure of the order of operations
when using an access-list and a service policy, or which is better/faster?
Any thoughts on this would be appreciated.
am
This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:12:04 GMT-3