We have 12.2(18)SXF11 in production and 12.2(33)SXH in test on PFC3bxl. We want to SPAN the internet traffic after the border RACL applied on L3 SVI to reduce the false positive of snort alert such like udp 1443 etc. We SPANned the SVI, but are getting all sort of traffic without filtering. If we remove the same ACL from L3 SVI and apply it to physical interface as PACL, then span the SVI, will we be able to get spanned traffic after the PACL?
Thanks. Schilling _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/