[f-nsp] access-lists on ve Interfaces
Daniel
daniel at ipv6-network.de
Sun May 27 07:41:34 EDT 2007
Guten Tag Daniel,
am Samstag, 26. Mai 2007 um 12:06 schrieben Sie:
> Hi all,
> is there any way to access-lists on a ve interface?
> I used following setting to do this:
> !
> access-list 102 deny icmp any any administratively-prohibited
> access-list 102 permit ip any any
> !
> interface ve 305
> ip address 192.168.0.1/24
> ip access-group ve-traffic
> ip access-group 102 in
> ip access-group 102 out
> !
> This is only a test access-list which deny icmp
> The access-list dont work on ve interfaces.
i found the solution. After u modify a access-list u need to appley
it "ip rebind-acl all/number/name" in conf t mode.
Then everythink works fine.
--
Mit freundlichen Grüßen
Daniel
mailto:daniel at ipv6-network.de
More information about the foundry-nsp
mailing list