For an customer project i use access-list / policy to block VRRP multicast traffic to achieve VRRP Active / Active Situation. i have a X670V with V18.104.22.168 patch 1-4.
To block multicast traffic i have to apply the ACL to the ISC Link - in my setup this is a sharing of 1:49 and 2:49 (40GB Link).
My question is now - why should i have to bind the ACL in both sharing ports (it only works if i bind this in both ports) ?! I expect because this is a sharing link i have only bind this to the config master port ?!
Secondly - how can i check if a ACL have hits ?
* Slot-1 XXXXXXX.29 # sh access-list counter ingress
* Slot-1 XXXXXXX.29 #
* Slot-1 XXXXXXX.31 # sh access-list counter ports 2:49 ingress
* Slot-1 XXXXXXX.31 #
No Command (which i guess that seems to be correct) does generate any output!
Bug or feature ?