On Fri, Jan 25, 2008 at 12:19:20PM +0200, Tassos Chatzithomaoglou wrote:
> Has anyone real world experience of using these 2 features (Reflexive
> ACLs or CBAC) on 6500 with MSFC2 (SUP2) or MSFC3 (SUP720)?

depends on your environment. if you can limit the traffic that would trigger the reflexive acl with acls on your edge or are only triggering the reflexive acl with your own traffic, they can be used. they should be used in corner cases.

for instance, i have two NTP servers on my network and use them to allow the return traffic from outside NTP servers. the acl is specific to those two servers and can only be triggered by ntp traffic from those servers. for them to go haywire, my ntp servers would have to start sending ntp traffic to many destinations.

that's the kind of corner case i would use them for on msfc platform. beyond things like that, as Roland says, avoid them.

-- bill

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
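A sketch of the narrowly scoped reflexive ACL described in the reply above, added here as an illustration and not taken from the poster's configuration. The server addresses (192.0.2.10 and 192.0.2.11), the ACL names, the interface and the timeout values are all assumptions.

```cisco
! Added example: constructed addresses, names and timeouts.
! Global idle timeout for reflexive entries (seconds).
ip reflexive-list timeout 120
!
ip access-list extended EDGE-OUT
 ! Only NTP sent by the two internal NTP servers creates reflexive
 ! entries, so the dynamic list grows only with the number of outside
 ! peers those two hosts talk to.
 permit udp host 192.0.2.10 any eq ntp reflect NTP-RETURN timeout 60
 permit udp host 192.0.2.11 any eq ntp reflect NTP-RETURN timeout 60
 ! All other outbound traffic is permitted statically and creates
 ! no reflexive state.
 permit ip any any
 ! The broad form to avoid on this platform: every outbound flow from
 ! any host would create an entry.
 !  permit ip any any reflect ALL-RETURN
!
ip access-list extended EDGE-IN
 ! Return traffic matching an existing reflexive entry is allowed in.
 evaluate NTP-RETURN
 ! Existing static inbound entries follow here.
!
interface GigabitEthernet1/1
 ip access-group EDGE-IN in
 ip access-group EDGE-OUT out
```

`show access-lists` lists the dynamic entries under NTP-RETURN, which makes it easy to confirm the entry count stays in line with the number of outside NTP peers.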