Hello,
I am looking for the behaviour of extended ACLs, including layer 4 / port information, in the presence of fragmented IP frames.
It seems to be different depending on the use of the ACL, as follows:
- when used in an access-group, layer 4 information is ignored when processing fragments, and the fragment is forwarded if layer 3 information matches.
- when used in a service-policy, the fragment is treated as any unfragmented frame with valid layer 4 information, hence erratic behaviour, for instance in a policy-map.
Does anyone know the real processing of fragmented frames by ACLs? My present concern is to process potentially fragmented frames via QoS (i.e., policy-map and service-policy).
Dominique A.
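
The access-group case in the post follows from the packet format: only the first fragment of a datagram carries the UDP/TCP header, so later fragments have no port to compare. The Python below is an added example, not part of the original post and not Cisco code; it parses constructed IPv4 fragments and models a permit entry with a port the way the post describes access-group matching. The addresses, ports and function names are assumptions.

```python
import socket
import struct

def build_fragments(src, dst, dport, data):
    """Split one UDP datagram into two IPv4 fragments (constructed sample data)."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(data), 0) + data
    pieces = [(udp[:16], 0, True), (udp[16:], 2, False)]  # offset in 8-byte units
    packets = []
    for payload, offset, more in pieces:
        flags_frag = (0x2000 if more else 0) | offset      # MF bit + fragment offset
        header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1,
                             flags_frag, 64, 17, 0,         # TTL 64, UDP, checksum 0
                             socket.inet_aton(src), socket.inet_aton(dst))
        packets.append(header + payload)
    return packets

def parse(packet):
    """Return L3 fields, plus the L4 destination port only if the packet carries it."""
    ihl = (packet[0] & 0x0F) * 4
    flags_frag, = struct.unpack("!H", packet[6:8])
    offset = flags_frag & 0x1FFF
    info = {"dst": socket.inet_ntoa(packet[16:20]), "proto": packet[9],
            "non_initial": offset != 0, "dport": None}
    if offset == 0 and len(packet) >= ihl + 4:
        info["dport"], = struct.unpack("!H", packet[ihl + 2:ihl + 4])
    return info

def permit_ace_matches(info, dst, proto, dport):
    """Hypothetical model of a permit entry with a port, as the post describes
    access-group handling: non-initial fragments match on layer 3 alone."""
    if info["dst"] != dst or info["proto"] != proto:
        return False
    if info["non_initial"]:
        return True            # no L4 header present, so the port cannot be checked
    return info["dport"] == dport

if __name__ == "__main__":
    # Entry modelled: permit udp any host 192.0.2.10 eq 53 (documentation addresses)
    for port in (53, 9999):
        for pkt in build_fragments("198.51.100.7", "192.0.2.10", port, b"A" * 24):
            info = parse(pkt)
            print(port, info, permit_ace_matches(info, "192.0.2.10", 17, 53))
```

The second fragment of the datagram sent to port 9999 matches the port-53 entry, because nothing in that fragment identifies the port.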