cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1146
Views
0
Helpful
3
Replies

BVI: ACL

kozorezdi
Level 1
Level 1

Hello everyone,

1) Could you tell me why ACL is not working under BVI2?

!

l2vpn

bridge group 2

  bridge-domain 2

   !

   interface GigabitEthernet0/7/0/18

   !

   interface GigabitEthernet0/7/0/20

   !

   routed interface BVI2

  !

interface BVI2

ipv4 address 10.1.1.1 255.255.255.0

!

interface GigabitEthernet0/7/0/18

description *** DDD ***

negotiation auto

transceiver permit pid all

l2transport

!

ipv4 access-group 120 egress

ipv6 access-group IPV6-ACL egress

!

It is working under a phy interface, but I have a few interfaces under the same Bridge Domain.

I guess it should be working like under SVI.

RP/0/RSP0/CPU0:R01#sh access-lists 120 usage pfilter location all

Thu Jan  9 15:13:08.355 UTC

Interface : GigabitEthernet0/7/0/18

    Input ACL : N/A    Output ACL : 120

RP/0/RSP0/CPU0:R01#

2) How to see matches per ACL line on IOS-XR?

R02#sh ip access-lists 120     

Extended IP access list 120

    10 permit ***

   ...

    200 deny ip any any (24463 matches)

R02#

Thank you for your time! 

--

Best regards,

Dmitry

2 Accepted Solutions

Accepted Solutions

Rivalino Tamaela
Cisco Employee
Cisco Employee

Hello Dmitry,

What kind of card do you have and what version is the software? Just fyi, ACL on BVI is supported starting release 4.2.1 for Typhoon card only. Please refer to this:

http://www.cisco.com/en/US/partner/docs/routers/asr9000/software/asr9k_r4.2/general/release/notes/reln_a9k_421.html#concept_641E24E225D747C08099E20F3AFAA93A

HTH,

Rivalino

View solution in original post

Rivalino Tamaela
Cisco Employee
Cisco Employee

For second question, see example below:

RP/0/RP0/CPU0:CRS4A#show run int gi0/1/0/3

Thu Jan 27 11:14:45.691 PST

interface GigabitEthernet0/1/0/3

cdp

ipv4 address 12.1.1.2 255.255.255.0

ipv4 access-group ACL egress hardware-count interface-statistics

!

RP/0/RP0/CPU0:CRS4A#show access-lists ipv4 ACL

Thu Jan 27 11:16:18.552 PST

ipv4 access-list ACL

10 permit icmp any host 10.1.1.2

20 permit ipv4 any any

!

RP/0/RP0/CPU0:CRS4A#ping 10.1.1.2                                                                               

Thu Jan 27 11:12:27.749 PST

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/8 ms

RP/0/RP0/CPU0:CRS4A#show access-lists ipv4 ACL hardware egress interface gigabitEthernet 0/1/0/3 location 0/1/cpu0

Thu Jan 27 11:18:45.104 PST

ipv4 access-list ACL

10 permit icmp any host 10.1.1.2 (5 hw matches)

20 permit ipv4 any any (2 hw matches)

rivalino

View solution in original post

3 Replies 3

Rivalino Tamaela
Cisco Employee
Cisco Employee

Hello Dmitry,

What kind of card do you have and what version is the software? Just fyi, ACL on BVI is supported starting release 4.2.1 for Typhoon card only. Please refer to this:

http://www.cisco.com/en/US/partner/docs/routers/asr9000/software/asr9k_r4.2/general/release/notes/reln_a9k_421.html#concept_641E24E225D747C08099E20F3AFAA93A

HTH,

Rivalino

Rivalino Tamaela
Cisco Employee
Cisco Employee

For second question, see example below:

RP/0/RP0/CPU0:CRS4A#show run int gi0/1/0/3

Thu Jan 27 11:14:45.691 PST

interface GigabitEthernet0/1/0/3

cdp

ipv4 address 12.1.1.2 255.255.255.0

ipv4 access-group ACL egress hardware-count interface-statistics

!

RP/0/RP0/CPU0:CRS4A#show access-lists ipv4 ACL

Thu Jan 27 11:16:18.552 PST

ipv4 access-list ACL

10 permit icmp any host 10.1.1.2

20 permit ipv4 any any

!

RP/0/RP0/CPU0:CRS4A#ping 10.1.1.2                                                                               

Thu Jan 27 11:12:27.749 PST

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/8 ms

RP/0/RP0/CPU0:CRS4A#show access-lists ipv4 ACL hardware egress interface gigabitEthernet 0/1/0/3 location 0/1/cpu0

Thu Jan 27 11:18:45.104 PST

ipv4 access-list ACL

10 permit icmp any host 10.1.1.2 (5 hw matches)

20 permit ipv4 any any (2 hw matches)

rivalino

hello Rivalino,

what can I tell you...  THANK YOU VERY MUCH!!!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: