I beg to differ.

As a former employee of Cisco, your comments about ACL's on E0 and E1
cards are totally off base. I'm not sure where you got this
"information", but it is most certainly not the case.

Standard ACL's & Extended ACL's have been supported by the E0's and E1's
that were released in 12.0(5)S (most) and 12.0(6)S (2 port OC-12 DPT)
versions of IOS. This includes the 8 port FE and 1 port GE cards. This
includes support by the development organization that oversees software
on the GSR, and by the TAC. (Whether the TAC engineer is capable of
supporting you is another issue.)

Turbo ACL's were added in 12.0(6)S for all E0 and E1 cards that were out
at the time.

One correct point in your statement is that newer rev's of software are
better at not allowing you to implement ACL's on interfaces that the
hardware/software doesn't support. This includes ACL's, NetFlow, CAR,
and others.

Further there is no E2 based 10xGIGE card. The E2 is only a 2.5Gig
engine, so you can at MOST run 1/4 line rate, and they aren't that
crazy. Did you mean the E4/E4+ based cards that are in development?


I apologize, I made a couple mistakes in my response. ACLs are not
supported on E0 and E1 Gig/FE cards. You used to be able to do them anyways,
but they didn't work. They were removed in recent releases. They will
be supported by (and re-enabled on) the Engine3 10 port GigE cards under

We found this out the hard way when we upgraded a pair of GSR with GigE
"DMZ" type interfaces behind it. We had to scramble to install 7xxx
series routers to serve as dedicated DMZ routers and do the ACLs on them.

They are not supported on (802.1q/ISL) sub interfaces, but they
are supported on the physical interface.