[c-nsp] acl on bvi in ios xr (9k) 4.1.2
Jared Mauch
jared at puck.nether.net
Thu Jul 19 14:55:28 EDT 2012
I'm still unclear why so many people want to make something built as a router do BVI. Ethernet switches aren't that expensive in my experience :)
- Jared
On Jul 19, 2012, at 2:50 PM, Aaron wrote:
> Thanks Chip
>
> Yeah, with some of this newer gear and software, it seems like Cisco is
> still learning about Cisco :)
>
> Aaron
>
> -----Original Message-----
> From: chip [mailto:chip.gwyn at gmail.com]
> Sent: Thursday, July 19, 2012 12:56 PM
> To: Aaron
> Cc: Tassos Chatzithomaoglou; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] acl on bvi in ios xr (9k) 4.1.2
>
> Ok, so looking at the release notes. Only 4.2.1 supports acl's on BVI
> interfaces and only in the egress direction. Looks like you can
> apply it, but it may not work:
>
> http://www.cisco.com/en/US/partner/docs/routers/asr9000/software/asr9k_r4.2/
> general/release/notes/reln_a9k_421.html#concept_641E24E225D747C08099E20F3AFA
> A93A
>
> The router snippet I displayed was from a 4.2.0 ASR9006 with a RSP440 and
> my testing indicates that the ACL*WILL* drop packets according to the ACL's
> rules.
>
> I've found that there's still a lack of clarity wrt to 9k's and XR within
> Cisco and its getting a bit frustrating.
>
> --chip
>
> On Thu, Jul 19, 2012 at 1:47 PM, Aaron <aaron1 at gvtc.com> wrote:
>> Thanks Tassos et al, But that list you just sent is in a config doc
>> for 4.2.x
>>
>> So are those bvi limitation in 4.2.x ? chip said that he thinks that
>> bvi acl is supported in 4.2.0 and my SE just told me that too. (she
>> also told me that bvi acl support in 4.2.0 requires the new line cards
>> ! ugh)
>>
>> So I'm confused with that list of bvi limitations within the 4.2.x config
> doc.
>>
>> Aaron
>>
>> -----Original Message-----
>> From: Tassos Chatzithomaoglou [mailto:achatz at forthnetgroup.gr]
>> Sent: Thursday, July 19, 2012 12:18 PM
>> To: cisco-nsp at puck.nether.net
>> Cc: chip; Aaron
>> Subject: Re: [c-nsp] acl on bvi in ios xr (9k) 4.1.2
>>
>> Many things missing....
>>
>>
>>
>> http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.2/in
>> terfaces/configuration/guide/hc42irb.html#wp1011723
>>
>> The following areas are /not/ supported on the BVI:
>>
>> -Access Control Lists (ACLs). However, Layer 2 ACLs can be configured on
> each Layer 2 port of the bridge domain.
>>
>> -IP fast reroute (FRR)
>>
>> -NetFlow
>>
>> -MoFRR
>>
>> -MPLS label switching
>>
>> -mVPNv4
>>
>> -Quality of Service (QoS)
>>
>> -Traffic mirroring
>>
>> -Unnumbered interface for BVI
>>
>> -Video monitoring (Vidmon)
>>
>>
>>
>> --
>> Tassos
>>
>> chip wrote on 19/7/2012 19:45:
>>> interface BVI101
>>> description cust-bgp-1 vlan 101
>>> ipv4 address x.x.x.x 255.255.255.252
>>> ipv4 access-group cust-bgp-1-out-acl egress
>>>
>>> This is gained support in 4.2.0 I think.
>>>
>>> --chip
>>>
>>> On Thu, Jul 19, 2012 at 12:39 PM, Aaron <aaron1 at gvtc.com> wrote:
>>>> Are acl's supported on BVI's ?
>>>>
>>>> I have a phy int g0/0/0/1 with a flow point (sub int) g0/0/0/1.10
>>>> l2transport config'd and put into l2vpn bg:bd with a routed int
>>>> inside that bg:bd as bvi 10
>>>>
>>>>
>>>>
>>>> I would think that the appropriate location to place an ipv4
>>>> access-list would be on the L3 interface , that being the bvi. But
>>>> I don't see the command "ipv4 access-list" under the bvi.
>>>>
>>>>
>>>>
>>>> What am I missing here ?
>>>>
>>>>
>>>>
>>>> Aaron
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>>>
>>
>>
>
>
>
> --
> Just my $.02, your mileage may vary, batteries not included, etc....
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list