Looks okay, theoretically, vacl map would allow packets that the acl permits from host .4 from subnet 1.1.1.x and vise versa. I would be careful with log keyword, this would cause the packet be processed in software which would casue the cpu to spike.
I was testing the acl in the first post and it should have only allowed port 80 to the server and port 25 out. However, it did not work because I could still RDP to the box. So, I tested with deny any any and I still could rdp tothe box. I was expecting no access in or out with the deny.
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...