[c-nsp] acl on bvi in ios xr (9k) 4.1.2

Jared Mauch jared at puck.nether.net
Thu Jul 19 14:55:28 EDT 2012


I'm still unclear why so many people want to make something built as a router do BVI.  Ethernet switches aren't that expensive in my experience :)

- Jared

On Jul 19, 2012, at 2:50 PM, Aaron wrote:

> Thanks Chip
> 
> Yeah, with some of this newer gear and software, it seems like Cisco is
> still learning about Cisco  :)
> 
> Aaron
> 
> -----Original Message-----
> From: chip [mailto:chip.gwyn at gmail.com] 
> Sent: Thursday, July 19, 2012 12:56 PM
> To: Aaron
> Cc: Tassos Chatzithomaoglou; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] acl on bvi in ios xr (9k) 4.1.2
> 
> Ok, so looking at the release notes.  Only 4.2.1 supports acl's on BVI
> interfaces and only in the egress direction.   Looks like you can
> apply it, but it may not work:
> 
> http://www.cisco.com/en/US/partner/docs/routers/asr9000/software/asr9k_r4.2/general/release/notes/reln_a9k_421.html#concept_641E24E225D747C08099E20F3AFAA93A
> 
> The router snippet I displayed was from a 4.2.0 ASR9006 with a RSP440 and
> my testing indicates that the ACL *WILL* drop packets according to the ACL's
> rules.
> 
> I've found that there's still a lack of clarity wrt to 9k's and XR within
> Cisco and it's getting a bit frustrating.
> 
> --chip
> 
> On Thu, Jul 19, 2012 at 1:47 PM, Aaron <aaron1 at gvtc.com> wrote:
>> Thanks Tassos et al, But that list you just sent is in a config doc 
>> for 4.2.x
>> 
>> So are those bvi limitations in 4.2.x ?  chip said that he thinks that 
>> bvi acl is supported in 4.2.0 and my SE just told me that too.  (she 
>> also told me that bvi acl support in 4.2.0 requires the new line cards 
>> ! ugh)
>> 
>> So I'm confused with that list of bvi limitations within the 4.2.x config doc.
>> 
>> Aaron
>> 
>> -----Original Message-----
>> From: Tassos Chatzithomaoglou [mailto:achatz at forthnetgroup.gr]
>> Sent: Thursday, July 19, 2012 12:18 PM
>> To: cisco-nsp at puck.nether.net
>> Cc: chip; Aaron
>> Subject: Re: [c-nsp] acl on bvi in ios xr (9k) 4.1.2
>> 
>> Many things missing....
>> 
>> 
>> 
>> http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.2/interfaces/configuration/guide/hc42irb.html#wp1011723
>> 
>> The following areas are /not/ supported on the BVI:
>> 
>> -Access Control Lists (ACLs). However, Layer 2 ACLs can be configured on each Layer 2 port of the bridge domain.
>> 
>> -IP fast reroute (FRR)
>> 
>> -NetFlow
>> 
>> -MoFRR
>> 
>> -MPLS label switching
>> 
>> -mVPNv4
>> 
>> -Quality of Service (QoS)
>> 
>> -Traffic mirroring
>> 
>> -Unnumbered interface for BVI
>> 
>> -Video monitoring (Vidmon)
>> 
>> 
>> 
>> --
>> Tassos
>> 
>> chip wrote on 19/7/2012 19:45:
>>> interface BVI101
>>>  description cust-bgp-1 vlan 101
>>>  ipv4 address x.x.x.x 255.255.255.252
>>>  ipv4 access-group cust-bgp-1-out-acl egress
>>> 
>>> This gained support in 4.2.0 I think.
>>> 
>>> --chip
>>> 
>>> On Thu, Jul 19, 2012 at 12:39 PM, Aaron <aaron1 at gvtc.com> wrote:
>>>> Are acl's supported on BVI's ?
>>>> 
>>>> I have a phy int g0/0/0/1 with a flow point (sub int) g0/0/0/1.10 
>>>> l2transport config'd and put into l2vpn bg:bd with a routed int 
>>>> inside that bg:bd as bvi 10
>>>> 
>>>> 
>>>> 
>>>> I would think that the appropriate location to place an ipv4 
>>>> access-list would be on the L3 interface , that being the bvi.  But 
>>>> I don't see the command "ipv4 access-list" under the bvi.
>>>> 
>>>> 
>>>> 
>>>> What am I missing here ?
>>>> 
>>>> 
>>>> 
>>>> Aaron
>>>> 
>>>> _______________________________________________
>>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>> 
>>> 
>> 
>> 
> 
> 
> 
> --
> Just my $.02, your mileage may vary,  batteries not included, etc....



