I beg to differ. As a former employee of Cisco, your comments about ACLs on E0 and E1 cards are totally off base. I'm not sure where you got this "information", but it is most certainly not the case.

Standard ACLs & Extended ACLs have been supported by the E0s and E1s that were released in 12.0(5)S (most) and 12.0(6)S (2 port OC-12 DPT) versions of IOS. This includes the 8 port FE and 1 port GE cards. This includes support by the development organization that oversees software on the GSR, and by the TAC. (Whether the TAC engineer is capable of supporting you is another issue.) Turbo ACLs were added in 12.0(6)S for all E0 and E1 cards that were out at the time.

One correct point in your statement is that newer revs of software are better at not allowing you to implement ACLs on interfaces that the hardware/software doesn't support. This includes ACLs, NetFlow, CAR, and others.

Further, there is no E2 based 10xGIGE card. The E2 is only a 2.5Gig engine, so you can at MOST run 1/4 line rate, and they aren't that crazy. Did you mean the E4/E4+ based cards that are in development?

David

-----Original Message-----
From: Andrew C. Ohnstad [mailto:andrewo@gblx.net]
Sent: Monday, July 23, 2001 7:20 AM
To: Mikael Abrahamsson
Cc: nanog@merit.org
Subject: Re: Netflow bug on 3-GE cards (Trident) in Cisco GSRs

On Sat, Jul 21, 2001 at 09:37:36AM +0200, Mikael Abrahamsson wrote:
On Fri, 20 Jul 2001, Dani Roisman wrote:
Turns out you can only run netflow on the first port of a 3-GigE port on the current S-tract software rev. If you have been struggling with this as well, I'm eager to hear about it off-list.
In 12.0.15S you cannot use access-lists on subinterface on the 3GE either. Wonder if that's a software bug too, or hardware limitation (like the MTU difference on the 3GE compared to the 1GE).
Actually Cisco has never supported ACLs on Engine 0 or Engine 1 cards in the GSR. Used to be that you could apply those ACLs, but they were implemented by the router very erratically. Cisco finally removed the ability to apply ACLs to an ineligible interface because the TAC was tired of telling people "it's not supported, even though it's there."

Best wait another 6 months for the Engine 2 10xGIGE card which will support ACLs, or change to/add something from the 7xxx platform. DownReving the router isn't really an option, like I said because the ACLs never really worked right anyway. I don't remember the exact details (I can get them if anyone wants) but I believe it did something like arbitrarily testing random packets with random rules, whereas some packets would get thru without being checked at all.

--
=-=andrewo