[c-nsp] acl on bvi in ios xr (9k) 4.1.2

chip chip.gwyn at gmail.com
Thu Jul 19 13:55:43 EDT 2012


Ok, so looking at the release notes: only 4.2.1 supports ACLs on BVI
interfaces, and only in the egress direction.  Looks like you can
apply it, but it may not work:

http://www.cisco.com/en/US/partner/docs/routers/asr9000/software/asr9k_r4.2/general/release/notes/reln_a9k_421.html#concept_641E24E225D747C08099E20F3AFAA93A

The router snippet I displayed was from a 4.2.0 ASR9006 with an RSP440
and my testing indicates that the ACL *WILL* drop packets according to
the ACL's rules.

I've found that there's still a lack of clarity wrt 9k's and XR
within Cisco and it's getting a bit frustrating.

--chip

On Thu, Jul 19, 2012 at 1:47 PM, Aaron <aaron1 at gvtc.com> wrote:
> Thanks Tassos et al, But that list you just sent is in a config doc for 4.2.x
>
> So are those bvi limitations in 4.2.x?  chip said that he thinks that bvi acl is supported in 4.2.0 and my SE just told me that too.  (she also told me that bvi acl support in 4.2.0 requires the new line cards! ugh)
>
> So I'm confused with that list of bvi limitations within the 4.2.x config doc.
>
> Aaron
>
> -----Original Message-----
> From: Tassos Chatzithomaoglou [mailto:achatz at forthnetgroup.gr]
> Sent: Thursday, July 19, 2012 12:18 PM
> To: cisco-nsp at puck.nether.net
> Cc: chip; Aaron
> Subject: Re: [c-nsp] acl on bvi in ios xr (9k) 4.1.2
>
> Many things missing....
>
>
>
> http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.2/interfaces/configuration/guide/hc42irb.html#wp1011723
>
> The following areas are /not/ supported on the BVI:
>
> –Access Control Lists (ACLs). However, Layer 2 ACLs can be configured on each Layer 2 port of the bridge domain.
>
> –IP fast reroute (FRR)
>
> –NetFlow
>
> –MoFRR
>
> –MPLS label switching
>
> –mVPNv4
>
> –Quality of Service (QoS)
>
> –Traffic mirroring
>
> –Unnumbered interface for BVI
>
> –Video monitoring (Vidmon)
>
>
>
> --
> Tassos
>
> chip wrote on 19/7/2012 19:45:
>> interface BVI101
>>   description cust-bgp-1 vlan 101
>>   ipv4 address x.x.x.x 255.255.255.252
>>   ipv4 access-group cust-bgp-1-out-acl egress
>>
>> This gained support in 4.2.0 I think.
>>
>> --chip
>>
>> On Thu, Jul 19, 2012 at 12:39 PM, Aaron <aaron1 at gvtc.com> wrote:
>>> Are acl's supported on BVI's ?
>>>
>>> I have a phy int g0/0/0/1 with a flow point (sub int) g0/0/0/1.10
>>> l2transport config'd and put into l2vpn bg:bd with a routed int
>>> inside that bg:bd as bvi 10
>>>
>>>
>>>
>>> I would think that the appropriate location to place an ipv4
>>> access-list would be on the L3 interface , that being the bvi.  But I
>>> don't see the command "ipv4 access-list" under the bvi.
>>>
>>>
>>>
>>> What am I missing here ?
>>>
>>>
>>>
>>> Aaron
>>
>>
>
>



-- 
Just my $.02, your mileage may vary,  batteries not included, etc....


