01-09-2014 06:29 AM
Hello everyone,
1) Could you tell me why ACL is not working under BVI2?
!
l2vpn
bridge group 2
bridge-domain 2
!
interface GigabitEthernet0/7/0/18
!
interface GigabitEthernet0/7/0/20
!
routed interface BVI2
!
interface BVI2
ipv4 address 10.1.1.1 255.255.255.0
!
interface GigabitEthernet0/7/0/18
description *** DDD ***
negotiation auto
transceiver permit pid all
l2transport
!
ipv4 access-group 120 egress
ipv6 access-group IPV6-ACL egress
!
It is working under a phy interface, but I have a few interfaces under the same Bridge Domain.
I guess it should be working like under SVI.
RP/0/RSP0/CPU0:R01#sh access-lists 120 usage pfilter location all
Thu Jan 9 15:13:08.355 UTC
Interface : GigabitEthernet0/7/0/18
Input ACL : N/A Output ACL : 120
RP/0/RSP0/CPU0:R01#
2) How to see matches per ACL line on IOS-XR?
R02#sh ip access-lists 120
Extended IP access list 120
10 permit ***
...
R02#
Thank you for your time!
--
Best regards,
Dmitry
Solved! Go to Solution.
01-09-2014 09:46 AM
Hello Dmitry,
What kind of card do you have and what version is the software? Just fyi, ACL on BVI is supported starting release 4.2.1 for Typhoon card only. Please refer to this:
HTH,
Rivalino
01-09-2014 09:56 AM
For second question, see example below:
RP/0/RP0/CPU0:CRS4A#show run int gi0/1/0/3
Thu Jan 27 11:14:45.691 PST
interface GigabitEthernet0/1/0/3
cdp
ipv4 address 12.1.1.2 255.255.255.0
ipv4 access-group ACL egress hardware-count interface-statistics
!
RP/0/RP0/CPU0:CRS4A#show access-lists ipv4 ACL
Thu Jan 27 11:16:18.552 PST
ipv4 access-list ACL
10 permit icmp any host 10.1.1.2
20 permit ipv4 any any
!
Thu Jan 27 11:12:27.749 PST
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/8 ms
Thu Jan 27 11:18:45.104 PST
ipv4 access-list ACL
10 permit icmp any host 10.1.1.2 (5 hw matches)
20 permit ipv4 any any (2 hw matches)
rivalino
01-09-2014 09:46 AM
Hello Dmitry,
What kind of card do you have and what version is the software? Just fyi, ACL on BVI is supported starting release 4.2.1 for Typhoon card only. Please refer to this:
HTH,
Rivalino
01-09-2014 09:56 AM
For second question, see example below:
RP/0/RP0/CPU0:CRS4A#show run int gi0/1/0/3
Thu Jan 27 11:14:45.691 PST
interface GigabitEthernet0/1/0/3
cdp
ipv4 address 12.1.1.2 255.255.255.0
ipv4 access-group ACL egress hardware-count interface-statistics
!
RP/0/RP0/CPU0:CRS4A#show access-lists ipv4 ACL
Thu Jan 27 11:16:18.552 PST
ipv4 access-list ACL
10 permit icmp any host 10.1.1.2
20 permit ipv4 any any
!
Thu Jan 27 11:12:27.749 PST
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/8 ms
Thu Jan 27 11:18:45.104 PST
ipv4 access-list ACL
10 permit icmp any host 10.1.1.2 (5 hw matches)
20 permit ipv4 any any (2 hw matches)
rivalino
01-09-2014 09:42 PM
hello Rivalino,
what can I tell you... THANK YOU VERY MUCH!!!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: