[f-nsp] ACL matching on multicast sources
Brad Fleming
bdflemin at gmail.com
Wed Sep 18 20:47:24 EDT 2013
On Sep 18, 2013, at 7:29 PM, Niels Bakker <niels=foundry-nsp at bakker.net> wrote:
> * bdflemin at gmail.com (Brad Fleming) [Thu 19 Sep 2013, 02:03 CEST]:
>> I'm having an issue trying to match traffic based on IP source of a multicast group. Traffic is flowing through a VE interface if that makes any difference. I know the traffic is actually moving because I'm watching the video broadcast on my laptop right now via VLC. I'm also seeing traffic that should match coming through the port in our sFlow monitoring system. Any suggestions would be appreciated.
>
> Do you have enable-acl-accounting configured? Have you rebound the ACL to the interface after modifying it (assuming you're on an MLX/XMR before 5.4) using "ip rebind-acl internet2_in" in config mode?
>
Yes on both accounts. I see tons of matches for other ACL entries; just not the one I care about. :D
This was a brand new ACL that was configured immediately prior to binding it to the VE interface. I've rebound it for the good measure and I'm still not seeing any accounting matches.
More information about the foundry-nsp
mailing list