[f-nsp] ACL's doesnt work
Calle Lidström
calle at swip.net
Mon Sep 27 05:10:44 EDT 2004
Cliff Albert wrote:
> On Mon, Sep 27, 2004 at 10:12:31AM +0200, Calle Lidström wrote:
>
>
>>I have a BigIron 4000 running 07.7.01cT53 that the ACLs stop working
>>on, it sounds a bit weird.. :-)
>>
>>When I apply the ACL f00-out, everything is working as expected but
>>after ~10 hours 0/0 can connect to 10.1.1.2, any port/protocol.
>>
>>I need to re-apply the access-group statement on the interface for the
>>ACL to become "active" again.
>>
>>Has anyone seen this problem before?
>
>
> No, but I have the problem of ACLs working in very odd behaviour. They
> are very very very flaky if you apply them on virtual interfaces. I
> know this goes through CPU however the documentation says that it should
> process it by CAM on 07.7.01 (which I'm also running on a BI4000).
>
> You did an ip rebind-acl all ?
>
>
No, that's a new command for me. Though, I'll try that one next time I
notice the problem.
This behaviour is primarily on ve-interfaces.
/calle
--
Calle Lidström <calle at swip.net>
CDBF CE81 EC99 BB2B 2E2A 7643 EEC1 0F3A 75E9 0D2C