[f-nsp] ACL issue on ve interfaces on a BigIron box

Cliff Albert cliff-nsp at oisec.net
Wed Sep 17 03:55:59 EDT 2003


Hi there,

At the moment I am experiencing some issues concerning ACLs on ve
interfaces. Especially ve interfaces where the vlan has more than 1
port.

Sometimes the ACL will filter traffic that is NOT inside the vlan, but
does flow over one of the two ports that are in the vlan. As we have
more than 1 vlan tagged on these ports, the traffic involved is from
another vlan. For example:

Port 1:  VLAN 5, VLAN 20, VLAN 30
Port 2:  VLAN 5, VLAN 40, VLAN 31

If traffic from VLAN 20 goes to VLAN 31 (thus passing over both ports)
sometimes traffic gets ACL'd away. We see this because of a logging
statement on VLAN 5.

Anyone else seen this?

-- 
Cliff Albert		| RIPE:	     CA3348-RIPE | https://oisec.net/
cliff at oisec.net		| 6BONE:     CA2-6BONE	 |
PGP Fingerprint = 9ED4 1372 5053 937E F59D  B35F 06A1 CC43 9A9B 1C5A


