Netflow to Match ACL Log denies

From: Tom Kacprzynski <tom.kac_at_gmail.com>
Date: Wed, 30 May 2012 22:54:30 -0500

Hello,
I was reading the ACL configuration guide and came upon this paragraph:

"Packets matching an entry in an ACL with a log option are process
switched. It is not recommended to use the log option on ACLs, but rather
use NetFlow export and match on a destination interface of Null0. This is
done in the CEF path. The destination interface of Null0 is set for any
packet that is dropped by the ACL."

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/12-4t/sec-access-list-ov.html#GUID-97E3F195-6145-4D3C-A7F2-DE718D3D2204

Does anyone have experience configuring matching denied ACLs on Null0? I
wasn't able to configure NetFlow on Null0.

Thank you,

Tom

Received on Wed May 30 2012 - 22:54:30 ART
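
The collector-side match that the quoted guide paragraph describes, as an added example that is not part of the original post or of Cisco's documentation: it parses a NetFlow version 5 export datagram and keeps only the flows whose output interface is the null interface. It assumes v5 export and that the exporter reports Null0 as output ifIndex 0; the sample datagram and the names `dropped_flows` and `build_sample` are constructed for illustration.

```python
import socket
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte v5 header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record
# Assumption: dropped packets are exported with output ifIndex 0 (Null0).
# Traffic addressed to the router itself can carry the same value, so
# review matches against the router's own addresses before alerting.
NULL_IFINDEX = 0

def dropped_flows(datagram):
    """Return the flows in a NetFlow v5 datagram whose output ifIndex is 0."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = V5_HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram (version %d)" % version)
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("datagram truncated: header claims %d records" % count)
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        src, dst, _nexthop, in_if, out_if, pkts, octets = f[:7]
        sport, dport, _pad, _flags, proto = f[9:14]
        if out_if == NULL_IFINDEX:
            flows.append({"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
                          "in_if": in_if, "proto": proto, "sport": sport,
                          "dport": dport, "packets": pkts, "octets": octets})
    return flows

def build_sample():
    """Constructed datagram: one forwarded flow and one flow sent to ifIndex 0."""
    def rec(src, dst, in_if, out_if, sport, dport):
        return V5_RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst),
                              socket.inet_aton("0.0.0.0"), in_if, out_if,
                              3, 180, 1000, 2000, sport, dport,
                              0, 0x02, 6, 0, 0, 0, 24, 24, 0)
    records = [rec("192.0.2.10", "198.51.100.5", 1, 2, 40000, 443),  # forwarded
               rec("203.0.113.7", "198.51.100.5", 1, 0, 40001, 23)]  # dropped
    header = V5_HEADER.pack(5, len(records), 0, 1338436470, 0, 1, 0, 0, 0)
    return header + b"".join(records)

if __name__ == "__main__":
    for flow in dropped_flows(build_sample()):
        print(flow)
```

The input interface on each matching record shows where the denied traffic entered, since the flow is accounted on the ingress interface rather than on Null0.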
