[c-nsp] acl on bvi in ios xr (9k) 4.1.2
Aaron
aaron1 at gvtc.com
Mon Jul 23 10:35:48 EDT 2012
Thanks Tim, Wondering if you can check to see if your stuff still works when
your l2transport AC's in bg:bd are subints and not phy ints plz. Also, this
is annoying then that if I have 10 ac's in my bg:bd then I would have to add
that acl to alllll 10 of those interfaces to have like treatment. Ugh.
Aaron
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tim Kleefass
Sent: Monday, July 23, 2012 8:59 AM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] acl on bvi in ios xr (9k) 4.1.2
Hi Aaron,
On 23.07.2012 3:16 PM, Aaron wrote:
> Hi Tim, et al, why don't you have your bvi1 listed as a routed
> interface within that bg:bd ?
>
> l2vpn
> bridge group EDFA
> bridge-domain EDFA
> ? interface BVI1 ?
Sorry, copy and paste error. Of course, the bvi1 interface is also in the
bridge-domain as "routed interface BVI1".
l2vpn
bridge group EDFA
bridge-domain EDFA
interface GigabitEthernet0/0/0/2
!
interface GigabitEthernet0/0/0/3
!
routed interface BVI1
!
!
!
> Also, have you tested real traffic via those foo-out egress acls on
> those l2 interfaces?
Yes, it works. (But we have this setup only for management networks,
therefore I cannot say if there are strange caveats)
> I tried that the other day on my gig0/0/0/1.10 and I don't recall them
> working. Am I the only one that thinks it's strange to add layer 3
> packet filter acl's to a layer 2 transport/bridging interface?
I think that is strange, too, but it works...
-tim
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list