[c-nsp] acl on bvi in ios xr (9k) 4.1.2
Jared Mauch
jared at puck.nether.net
Thu Jul 19 14:58:58 EDT 2012
Neither.
(Unless there's some through a 401k fund I'm
unaware of).
I think my point is.. If you are buying an asr9k
you can likely afford an ethernet switch vs using an
expensive router port.
- Jared
On Thu, Jul 19, 2012 at 01:56:33PM -0500, Aaron wrote:
> Do you work for Cisco? ...own stock?
>
> :)
>
> Aaron
>
> -----Original Message-----
> From: Jared Mauch [mailto:jared at puck.nether.net]
> Sent: Thursday, July 19, 2012 1:55 PM
> To: Aaron
> Cc: 'chip'; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] acl on bvi in ios xr (9k) 4.1.2
>
> I'm still unclear why so many people want to make something built as a
> router do BVI. Ethernet switches aren't that expensive in my experience :)
>
> - Jared
>
> On Jul 19, 2012, at 2:50 PM, Aaron wrote:
>
> > Thanks Chip
> >
> > Yeah, with some of this newer gear and software, it seems like Cisco
> > is still learning about Cisco :)
> >
> > Aaron
> >
> > -----Original Message-----
> > From: chip [mailto:chip.gwyn at gmail.com]
> > Sent: Thursday, July 19, 2012 12:56 PM
> > To: Aaron
> > Cc: Tassos Chatzithomaoglou; cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] acl on bvi in ios xr (9k) 4.1.2
> >
> > Ok, so looking at the release notes. Only 4.2.1 supports acl's on BVI
> > interfaces and only in the egress direction. Looks like you can
> > apply it, but it may not work:
> >
> > http://www.cisco.com/en/US/partner/docs/routers/asr9000/software/asr9k_r4.2/general/release/notes/reln_a9k_421.html#concept_641E24E225D747C08099E20F3AFAA93A
> >
> > The router snippet I displayed was from a 4.2.0 ASR9006 with a RSP440
> > and my testing indicates that the ACL *WILL* drop packets according to
> > the ACL's rules.
> >
> > I've found that there's still a lack of clarity wrt to 9k's and XR
> > within Cisco and it's getting a bit frustrating.
> >
> > --chip
> >
> > On Thu, Jul 19, 2012 at 1:47 PM, Aaron <aaron1 at gvtc.com> wrote:
> >> Thanks Tassos et al, But that list you just sent is in a config doc
> >> for 4.2.x
> >>
> >> So are those bvi limitation in 4.2.x ? chip said that he thinks that
> >> bvi acl is supported in 4.2.0 and my SE just told me that too. (she
> >> also told me that bvi acl support in 4.2.0 requires the new line
> >> cards ! ugh)
> >>
> >> So I'm confused with that list of bvi limitations within the 4.2.x
> >> config doc.
> >>
> >> Aaron
> >>
> >> -----Original Message-----
> >> From: Tassos Chatzithomaoglou [mailto:achatz at forthnetgroup.gr]
> >> Sent: Thursday, July 19, 2012 12:18 PM
> >> To: cisco-nsp at puck.nether.net
> >> Cc: chip; Aaron
> >> Subject: Re: [c-nsp] acl on bvi in ios xr (9k) 4.1.2
> >>
> >> Many things missing....
> >>
> >>
> >>
> >> http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.2/interfaces/configuration/guide/hc42irb.html#wp1011723
> >>
> >> The following areas are /not/ supported on the BVI:
> >>
> >> -Access Control Lists (ACLs). However, Layer 2 ACLs can be configured
> >> on each Layer 2 port of the bridge domain.
> >>
> >> -IP fast reroute (FRR)
> >>
> >> -NetFlow
> >>
> >> -MoFRR
> >>
> >> -MPLS label switching
> >>
> >> -mVPNv4
> >>
> >> -Quality of Service (QoS)
> >>
> >> -Traffic mirroring
> >>
> >> -Unnumbered interface for BVI
> >>
> >> -Video monitoring (Vidmon)
> >>
> >>
> >>
> >> --
> >> Tassos
> >>
> >> chip wrote on 19/7/2012 19:45:
> >>> interface BVI101
> >>>  description cust-bgp-1 vlan 101
> >>>  ipv4 address x.x.x.x 255.255.255.252
> >>>  ipv4 access-group cust-bgp-1-out-acl egress
> >>>
> >>> This gained support in 4.2.0 I think.
> >>>
> >>> --chip
> >>>
> >>> On Thu, Jul 19, 2012 at 12:39 PM, Aaron <aaron1 at gvtc.com> wrote:
> >>>> Are acl's supported on BVI's ?
> >>>>
> >>>> I have a phy int g0/0/0/1 with a flow point (sub int) g0/0/0/1.10
> >>>> l2transport config'd and put into l2vpn bg:bd with a routed int
> >>>> inside that bg:bd as bvi 10
> >>>>
> >>>>
> >>>>
> >>>> I would think that the appropriate location to place an ipv4
> >>>> access-list would be on the L3 interface , that being the bvi. But
> >>>> I don't see the command "ipv4 access-list" under the bvi.
> >>>>
> >>>>
> >>>>
> >>>> What am I missing here ?
> >>>>
> >>>>
> >>>>
> >>>> Aaron
> >>>>
> >>>> _______________________________________________
> >>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
> >>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> > --
> > Just my $.02, your mileage may vary, batteries not included, etc....
> >
--
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
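
Added example, not part of the original thread or any poster's configuration: the thread leaves open whether an ACL accepted on a BVI is actually enforced on a given release, so this sketch lists every `ipv4 access-group` applied to a BVI in an IOS XR style config so each one can be confirmed with a traffic test. The sample config, its addresses and the ACL names other than the one quoted in the thread are constructed, and `bvi_acl_findings` is a hypothetical helper name.

```python
import re

# Constructed sample in IOS XR style. BVI101 mirrors the snippet quoted in the
# thread (documentation address substituted); everything else is made up.
SAMPLE_CONFIG = """\
interface BVI101
 description cust-bgp-1 vlan 101
 ipv4 address 192.0.2.1 255.255.255.252
 ipv4 access-group cust-bgp-1-out-acl egress
!
interface BVI10
 ipv4 address 198.51.100.1 255.255.255.0
 ipv4 access-group mgmt-in ingress
!
interface GigabitEthernet0/0/0/1
 ipv4 address 203.0.113.1 255.255.255.0
 ipv4 access-group edge-in ingress
!
"""

IF_RE = re.compile(r"^interface (\S+)")
ACL_RE = re.compile(r"^\s+ipv4 access-group (\S+) (ingress|egress)\s*$")


def bvi_acl_findings(config):
    """Return (interface, acl, direction, note) for every ipv4 ACL on a BVI."""
    findings, current = [], None
    for line in config.splitlines():
        if line.strip() == "!":
            current = None  # end of the interface stanza
        elif (m := IF_RE.match(line)):
            # Track only BVI stanzas; physical interfaces are out of scope.
            current = m.group(1) if m.group(1).upper().startswith("BVI") else None
        elif current and (m := ACL_RE.match(line)):
            acl, direction = m.groups()
            # Per the release notes as read in the thread, only egress is listed.
            note = ("confirm with a traffic test" if direction == "egress"
                    else "ingress not listed as supported; confirm with a traffic test")
            findings.append((current, acl, direction, note))
    return findings


if __name__ == "__main__":
    for ifname, acl, direction, note in bvi_acl_findings(SAMPLE_CONFIG):
        print(f"{ifname}: {acl} ({direction}) - {note}")
```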