[c-nsp] acl on bvi in ios xr (9k) 4.1.2
Tim Kleefass
tim at haitabu.net
Mon Jul 23 09:58:55 EDT 2012
Hi Aaron,
On 23.07.2012 3:16 PM, Aaron wrote:
> Hi Tim, et al, why don't you have your bvi1 listed as a routed interface
> within that bg:bd ?
>
> l2vpn
> bridge group EDFA
> bridge-domain EDFA
> ? interface BVI1 ?
Sorry, copy and paste error. Of course, the bvi1 interface is also in
the bridge-domain as "routed interface BVI1".
l2vpn
bridge group EDFA
bridge-domain EDFA
interface GigabitEthernet0/0/0/2
!
interface GigabitEthernet0/0/0/3
!
routed interface BVI1
!
!
!
> Also, have you tested real traffic via those foo-out egress acls on those l2
> interfaces?
Yes, it works. (But we have this setup only for management networks,
therefore I cannot say if there are strange caveats)
> I tried that the other day on my gig0/0/0/1.10 and I don't
> recall them working. Am I the only one that thinks it's strange to add
> layer 3 packet filter acl's to a layer 2 transport/bridging interface?
I think that is strange, too, but it works...
-tim
More information about the cisco-nsp
mailing list