[c-nsp] L2TPv3 and Filtering

Jeffrey Ollie jeff at ocjtech.us
Tue Apr 8 13:49:35 EDT 2008


On Tue, Apr 8, 2008 at 12:44 PM, Bernd Ueberbacher <noc at mynet.at> wrote:
>
>  I asked almost the same question some time ago and got this answer:
>
> > > Is it possible to interfere the L2TP traffic with access-lists?
> >
> > No. Not on the access side.
>
>  A bit later I got the explanation:
>
>  "AFAIK no. The features applied on ingress are not evaluated on
>  L3 info. We simply encapsulate the raw L2 frame and ship it over."

Hmm... shoot.  Too bad the 3750s (non-E) that these routers plug into
can't do outbound access lists and the input access lists that I tried
on the switches seemed to affect ports other than the one that it was
configured on.  Is there any other way to do the L2 tunneling?  MPLS
maybe?  I know nothing about MPLS and we don't run it currently.

Jeff


More information about the cisco-nsp mailing list