Hi, неприятно, но особо не критично (по крайней мере у меня). Для тех, кто не читал на CCO: Headline FLOW: ACLs have a delayed effect on pkts belonging to active flows Release Notes When applying an access-list to an interface, if flow-caching is enabled the flow must time out (up to 30 MINUTES) before the access list is evaluated for the stream. Workaround: On the interface(s) that the access-list(s) have been added to: 1. Disable netflow on that interface (no ip route-cache flow). 2. Wait for inactive flows for that interface to timeout (the default inactive flow timeout is 15 seconds). 3. Re-enable netflow on that interface (ip route-cache flow). The above steps will export out all the flows from the flow cache which have this interface as the input interface. Any subsequent packets will have to undergo the ACL checks before an flow cache entry can be made for that stream. If the ACL denies the packet then the packet will be dropped and a flow cache entry will not be created for that stream (flow). On Sun, Aug 18, 2002 at 12:24:59PM +0300, doka@kiev.sovam.com wrote:

Hi,

CSCdm70194

-- :r !ripewhois DOKA1-RIPE ------------------------------------------------------------------------- Never try to teach a pig to sing. It wastes your time and annoys the pig. -- Lazarus Long, "Time Enough for Love"

=================================================================== uanog mailing list. To Unsubscribe: send mail to majordomo@uanog.kiev.ua with "unsubscribe uanog" in the body of the message

-- Dmitry A.Deineka DAD1-UANIC DD518-RIPE http://www.itl.net.ua =================================================================== uanog mailing list. To Unsubscribe: send mail to majordomo@uanog.kiev.ua with "unsubscribe uanog" in the body of the message