Cisco Support Community
New Member

BVI: ACL

Hello everyone,

1) Could you tell me why ACL is not working under BVI2?

!
l2vpn
bridge group 2
  bridge-domain 2
   !
   interface GigabitEthernet0/7/0/18
   !
   interface GigabitEthernet0/7/0/20
   !
   routed interface BVI2
  !
interface BVI2
ipv4 address 10.1.1.1 255.255.255.0
!
interface GigabitEthernet0/7/0/18
description *** DDD ***
negotiation auto
transceiver permit pid all
l2transport
!
ipv4 access-group 120 egress
ipv6 access-group IPV6-ACL egress
!

It is working under a phy interface, but I have a few interfaces under the same Bridge Domain.

I guess it should be working like under SVI.

RP/0/RSP0/CPU0:R01#sh access-lists 120 usage pfilter location all
Thu Jan  9 15:13:08.355 UTC
Interface : GigabitEthernet0/7/0/18
    Input ACL : N/A    Output ACL : 120
RP/0/RSP0/CPU0:R01#

2) How to see matches per ACL line on IOS-XR?

R02#sh ip access-lists 120
Extended IP access list 120
    10 permit ***
   ...
    200 deny ip any any (24463 matches)
R02#

Thank you for your time! 

--

Best regards,

Dmitry

Accepted Solutions
Cisco Employee

BVI: ACL

Hello Dmitry,

What kind of card do you have and what version is the software? Just FYI, ACL on BVI is supported starting release 4.2.1 for Typhoon card only. Please refer to this:

http://www.cisco.com/en/US/partner/docs/routers/asr9000/software/asr9k_r4.2/general/release/notes/reln_a9k_421.html#concept_641E24E225D747C08099E20F3AFAA93A

HTH,

Rivalino

Cisco Employee

BVI: ACL

For the second question, see the example below:

RP/0/RP0/CPU0:CRS4A#show run int gi0/1/0/3
Thu Jan 27 11:14:45.691 PST
interface GigabitEthernet0/1/0/3
cdp
ipv4 address 12.1.1.2 255.255.255.0
ipv4 access-group ACL egress hardware-count interface-statistics
!

RP/0/RP0/CPU0:CRS4A#show access-lists ipv4 ACL
Thu Jan 27 11:16:18.552 PST
ipv4 access-list ACL
10 permit icmp any host 10.1.1.2
20 permit ipv4 any any
!

RP/0/RP0/CPU0:CRS4A#ping 10.1.1.2
Thu Jan 27 11:12:27.749 PST
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/8 ms

RP/0/RP0/CPU0:CRS4A#show access-lists ipv4 ACL hardware egress interface gigabitEthernet 0/1/0/3 location 0/1/cpu0
Thu Jan 27 11:18:45.104 PST
ipv4 access-list ACL
10 permit icmp any host 10.1.1.2 (5 hw matches)
20 permit ipv4 any any (2 hw matches)

rivalino
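
Added example (not part of the thread and not Cisco code): a Python parser for the two outputs quoted above, `show access-lists ... usage pfilter` and `show access-lists ... hardware`, that reports interfaces where an ACL was expected but is not programmed and reads the per-ACE hit counters. The sample text is constructed from the outputs in this thread; the function names are hypothetical, and the check assumes that an interface missing from the `usage pfilter` listing has no ACL programmed on it.

```python
import re

# Constructed sample input: the two command outputs quoted in the thread.
PFILTER = """\
Thu Jan  9 15:13:08.355 UTC
Interface : GigabitEthernet0/7/0/18
    Input ACL : N/A    Output ACL : 120
"""
HW_COUNTERS = """\
ipv4 access-list ACL
10 permit icmp any host 10.1.1.2 (5 hw matches)
20 permit ipv4 any any (2 hw matches)
"""

IFACE_RE = re.compile(r"^\s*Interface\s*:\s*(\S+)")
BIND_RE = re.compile(r"Input ACL\s*:\s*(\S+)\s+Output ACL\s*:\s*(\S+)")
# Counter suffix is optional: "(5 hw matches)" on IOS-XR, "(24463 matches)" on IOS.
ACE_RE = re.compile(
    r"^\s*(\d+)\s+((?:permit|deny)\b.*?)(?:\s+\((\d+)\s+(?:hw\s+)?matches\))?\s*$")


def parse_pfilter(text):
    """Map interface -> {'ingress': acl|None, 'egress': acl|None}."""
    usage, current = {}, None
    for line in text.splitlines():
        if m := IFACE_RE.match(line):
            current = m.group(1)
            usage[current] = {"ingress": None, "egress": None}
        elif current and (m := BIND_RE.search(line)):
            inp, out = (None if v == "N/A" else v for v in m.groups())
            usage[current] = {"ingress": inp, "egress": out}
    return usage


def missing_bindings(usage, expected, acl, direction="egress"):
    """Interfaces that should carry `acl` but are not programmed with it."""
    return [i for i in expected if usage.get(i, {}).get(direction) != acl]


def parse_ace_counters(text):
    """Return (sequence, rule, matches) per ACE; matches is None if no counter."""
    rows = []
    for line in text.splitlines():
        if m := ACE_RE.match(line):
            seq, rule, hits = m.groups()
            rows.append((int(seq), rule, int(hits) if hits else None))
    return rows


if __name__ == "__main__":
    wanted = ["GigabitEthernet0/7/0/18", "BVI2"]
    print(missing_bindings(parse_pfilter(PFILTER), wanted, "120"))
    print(parse_ace_counters(HW_COUNTERS))
```

An ACE whose counter comes back as `None` usually means the output was taken without the `hardware` keyword or the ACL was attached without `hardware-count`, so treat it as "not measured" rather than zero hits.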

New Member

BVI: ACL

Hello Rivalino,

What can I tell you... THANK YOU VERY MUCH!!!
