Netgear XCM8806 Chassis Hardware Installation Guide - Page 505
enable access-list refresh blackhole, Enables blackholing of packets during ACL refresh.
NETGEAR 8800 Chassis Switch CLI Manual

Usage Guidelines

This command allows control packets to reach the CPU, even if the packets match ACLs that would otherwise deny them. The control packets include STP BPDUs and ARP replies for the switch.

If this feature is disabled, these same packets will be denied if an ACL is applied that contains a matching entry that denies the packets. Contrary to expectations, when this feature is disabled, the packets will still be denied if there is a higher precedence entry that permits the packets.

To disable this feature, use the following command:

    disable access-list permit to-cpu

Example

The following command enables STP BPDU packets to reach the switch CPU, despite any ACL:

    enable access-list permit to-cpu

enable access-list refresh blackhole

    enable access-list refresh blackhole

Description

Enables blackholing of packets during ACL refresh.

Syntax Description

This command has no arguments or variables.

Default

Enabled.

Usage Guidelines

When access control lists (ACLs) are refreshed, this command provides that any packets arriving during the refresh will be blackholed. As the ACL is being refreshed, packets may arrive while the ACL is in an indeterminate state, and packets may be permitted that otherwise are dropped. This feature protects the switch during an ACL refresh.

To disable this feature, use the following command:

    disable access-list refresh blackhole

Example

The following command enables dropping of packets during an ACL refresh:

    enable access-list refresh blackhole

Chapter 13. ACL Commands | 505
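The indeterminate state that refresh blackholing guards against, shown as an added Python model; it is not from the NETGEAR manual and is not the switch's implementation. It assumes a refresh installs the new rules one at a time, that the first matching rule wins, and that unmatched packets are permitted; the rules and addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    net: object   # ip_network the packet's source address must fall in
    action: str   # "permit" or "deny"

def evaluate(rules, src):
    """First matching rule wins; no match means permit (model assumption)."""
    for rule in rules:
        if ip_address(src) in rule.net:
            return rule.action
    return "permit"

def refresh(new_rules, arrivals, blackhole):
    """Install new_rules one at a time (model assumption). arrivals maps
    'number of rules installed so far' to the sources arriving at that moment.
    Returns (step, src, verdict) for every packet seen."""
    installed, seen = [], []
    for step in range(len(new_rules) + 1):
        in_progress = step < len(new_rules)
        for src in arrivals.get(step, []):
            if blackhole and in_progress:
                verdict = "deny"   # blackholed: dropped whatever the rules say
            else:
                verdict = evaluate(installed, src)
            seen.append((step, src, verdict))
        if in_progress:
            installed.append(new_rules[step])
    return seen

def leaked(new_rules, arrivals, blackhole):
    """Packets permitted mid-refresh that the finished ACL would deny."""
    return [(step, src)
            for step, src, verdict in refresh(new_rules, arrivals, blackhole)
            if verdict == "permit" and evaluate(new_rules, src) == "deny"]

# Constructed sample: permit one /24, deny the rest of the enclosing /16.
NEW_ACL = [Rule(ip_network("10.0.0.0/24"), "permit"),
           Rule(ip_network("10.0.0.0/16"), "deny")]
# Step 2 means the refresh has finished and the full ACL is in force.
ARRIVALS = {0: ["10.0.5.9"], 1: ["10.0.5.9", "10.0.0.7"], 2: ["10.0.5.9"]}

if __name__ == "__main__":
    print("blackhole disabled, leaked:", leaked(NEW_ACL, ARRIVALS, False))
    print("blackhole enabled, leaked: ", leaked(NEW_ACL, ARRIVALS, True))
```

In the model, the cost of the enabled default is that the legitimately permitted source 10.0.0.7 is also dropped while the refresh is in progress.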