Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
311
Views
0
Helpful
0
Replies

extended ACL and IP fragments

dominiqueadam
Level 1
Level 1

‎10-15-2018 08:47 AM

Hello,

I am looking for the behaviour of extended ACL, including layer 4 / port informations, in the presence of fragmented IP frames.

It seems to be different depending on the use of the ACL, as follows:

- when used in an access-group, layer 4 information are ignored when processing fragments, and the fragment is forwarded if layer 3 information matches.

- when used in a service-policy, the fragment is treated as any unfragmented frame with valid layer 4 informations, hence an erratic behaviour, for instance in policy-map.

Does anyone knows the real processing of fragmented frames by acl? My present concern is to process potentially fragmented frames via QoS (i.e., policy-map ans service-policy).

Dominique A.

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents