flow setup done before ACLs?

S-Series hardware - is the flow setup within the system ASIC done before handling ACLs?

2 replies

From what I've ssen, the ACLs are called last, meaning you can't use an ACL to prevent a flow from being set-up 😞
Flow setup is done by the forwarding engine sending unknown traffic to the cpu. if there is an ACL that denies the connection the flow should not be allowed.