[c-nsp] acl on bvi in ios xr (9k) 4.1.2
tim
tim at haitabu.net
Mon Jul 23 05:15:24 EDT 2012
On 19.07.2012 6:39 PM, Aaron wrote:
> Are acl's supported on BVI's ?
>
> I have a phy int g0/0/0/1 with a flow point (sub int) g0/0/0/1.10
> l2transport config'd and put into l2vpn bg:bd with a routed int inside that
> bg:bd as bvi 10
>
>
>
> I would think that the appropriate location to place an ipv4 access-list
> would be on the L3 interface , that being the bvi. But I don't see the
> command "ipv4 access-list" under the bvi.
We habe a case where two physical interfaces are in a local l2-vpn,
there you can put the ipv4 access-list on the physical interface:
interface GigabitEthernet0/0/0/2
l2transport
ipv4 access-group foo-out egress
!
interface GigabitEthernet0/0/0/3
l2transport
ipv4 access-group foo-out egress
!
interface BVI1
ipv4 address 192.0.2.1/28
!
l2vpn
bridge group EDFA
bridge-domain EDFA
interface GigabitEthernet0/0/0/2
interface GigabitEthernet0/0/0/3
!
!
!
(ASR 9006, IOS XR 4.1.1)
Not intuitive, but works.
In your scenario you can try to put the access-list under int g0/0/0/1.10.
HTH,
Tim
More information about the cisco-nsp
mailing list