Disabling "ip unreachables" on Sup720/MSFC3 (Hybrid)
Can anybody explain the following results:
1. If I send 5 pings access-list counter on the MSFC3 is incremented by 10...
2. If I set "no ip unreachables" on the MSFC it is still incremented by 10 (I see that unreachables are not sent)...
3. If I set "no ip redirects" on the MSFC the access-list hit counter is no longer incremented (this is good), but this disables unreachables too... I mean if I enable them with "ip unreachables" it has no effect when "no ip redirects" is set...
RACL is configured on a single MSFC interface, so no ACLs sharing, etc. CatOS 8.5(6) with 12.2(18)SXF5 IOS.
- what is the corect way to disable unreachables on the MSFC3 and/or Sup?
- is it possible to see MSFC RACLs programmed into the hardware under CatOS? The Native IOS can show them.
- does CatOS or Native IOS support hardware RACL counters (something like hardware VACL counters)?
Re: Disabling "ip unreachables" on Sup720/MSFC3 (Hybrid)
All of the traffic: icmp, tcp, udp which is below 100 pps is sent to the MSFC3 without rate-limiting because "unreachable" or "redirect" might be needed (this is correct behaviour). Then it is counted twice by the MSFC3 RACL (this seems to be a bug). If "no ip redirects" is set on the MSFC3 sending packets to the MSFC for processing is disabled. "No ip unreachables" seems to not have any effect (IMO this is a bug too).
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...