Re: 6500 Access-lists

From: Jonathan Stevens (jonathanstevens.net@googlemail.com)
Date: Sat Jan 28 2006 - 14:56:21 GMT-3


Brussels also - Seat 10!
Which hotel were you staying at?

de Witt, Duane wrote:

>Brussels, you?
>
>Regards
>Duane de Witt
>Consulting Systems Engineer
>CCIE # 15715
>
>____________________________________________
>SIEMENS Siemens Business Services
> Siemens Service Center
>
>126 14th Road
>Erand Gardens
>Midrand
>South Africa
>
>I +27 11 5452555
>H +27 83 4452768
>J +27 11 5415219
>* duane.dewitt@siemens.com
>
>-----Original Message-----
>From: Jonathan Stevens [mailto:jonathanstevens.net@googlemail.com]
>Sent: 28 January 2006 01:49 PM
>To: de Witt, Duane
>Cc: ccielab@groupstudy.com
>Subject: Re: 6500 Access-lists
>
>Hi Duane,
> Just noticed your number! Congratulations from #15714. Just out of
>curiosity, which location did you pass at?
>
>de Witt, Duane wrote:
>
>
>
>>I'm running SUP 7203B. A nice thing that I noticed was that the standby msfc is automatically updated with the config from the master.
>>
>>Everything is set up, I'm just waiting to get the hosts connected to the switch to test.
>>
>>Regards
>>Duane de Witt
>>Consulting Systems Engineer
>>CCIE # 15715
>>
>>
>>-----Original Message-----
>>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of James Ventre
>>Sent: 26 January 2006 07:58 PM
>>To: Jeremy O'Dette
>>Cc: Sheikh.Rahman@uk.didata.com; de Witt, Duane; ccielab@groupstudy.com
>>Subject: Re: 6500 Access-lists
>>
>>Also be aware that unless you're running a PFC3B (or 3BXL) with newer
>>code your ACL counters are only hits inside of a small sampling window.
>>They do not indicate hits for ALL ACEs.
>>
>>James
>>
>>
>>
>>
>>Jeremy O'Dette wrote:
>>
>>
>>
>>
>>>One word of caution - Double check your ACLs with the "log" option or
>>>a sniffer once you configure them:
>>>We had a pair of 6500s (running hybrid 8.3/12.1(13)) in my office that
>>>were set up for inter-vlan routing. I added a few extended ACLs to the
>>>SVIs on the MSFCs and I noticed the ACLs weren't filtering traffic the
>>>way they were supposed to be (letting denied traffic into an SVI but
>>>blocking the return path even though the ACL wasn't performing any
>>>egress filtering). I always assumed applying an extended ACL to a
>>>6500 SVI should behave the same as if you put the same ACL on the
>>>physical interface of any other IOS box.
>>>
>>>After talking the issue over with TAC, some of the older IOS versions
>>>don't appear to handle filtering properly. You probably won't have
>>>any issues but I'd double check the ACLs are blocking everything
>>>they're supposed to be blocking.
>>>
>>>
>>>
>>>Jeremy O'Dette
>>>CCIE #14973
>>>jeremyodette@hotmail.com
>>>
>>>
>>>
>>>
>>_______________________________________________________________________
>>Subscription information may be found at:
>>http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Wed Feb 01 2006 - 07:45:50 GMT-3