So we have a flex-uni port on one switch, with i-sid mapped to VLAN on another which is routing the traffic (in a dedicated VR).
All of that works, now the question is, how do I filter it on the routing switch, i.e. assign an access control list to it?
So the ingress switch has the flex-uni port
interface gi 1/1
flex-uni enable
i-sid 12345
untagged port 1/1
The routing switch uses
vlan i-sid 99 12345
interface vlan 99
vrf router1
...
i-sid 12345
c-vid 567 port 1/25
# i.e. there's also a flex-uni with that i-sid on the routing switch (in case that's important)
I tried
filter acl 101 type inVlan name "ipv4 and arp only"
filter acl vlan 101 99
filter acl ace 101 11 name "allow ipv4"
filter acl ace action 101 11 permit count
filter acl ace ethernet 101 11 ether-type eq ip
filter acl ace 101 11 enable
But counters stay at 0.
I also tried dropping some traffic but that didn't work.
Leading me to the conclusion that I'm missing something basic.
This seems too easy to fail 😉 Please advise.
Platform is 5520, FE 9.0