On Jan 25, 2013, at 10:16 PM, <vinny_abe...@dell.com> wrote: > Am I understanding the issue correctly?
I ran into those issues back in 2008 when the CoPP docs haven't been "that" clear about the relationship between CoPP, ARP and the glean HWRL. You should mostly be safe when you enable the glean HWRL and, obviously, don't factor those packets needing ARP in your CoPP policy as it wouldn't make much sense in terms of security. What you should be aware of are also side effects when you use uRPF on these boxes. With the whole family in place, so uRPF, the glean HWRL and CoPP, you will most likely not be able to fix all falsely dropped packets due to the platforms restrictions and cornercases. _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/