This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ACL on VLAN in VRF (flex-uni)

ACL on VLAN in VRF (flex-uni)

jeronimo
Contributor III

4 weeks ago

So we have a flex-uni port on one switch, with i-sid mapped to VLAN on another which is routing the traffic (in a dedicated VR).

All of that works, now the question is, how do I filter it, on the routing switch i.e. assign an access control list to it?

So ingress swithc has the flex-uni port

interface gi 1/1
flex-uni enable
i-sid 12345 
  untagged port 1/1

The routing switch uses

vlan i-sid 99 12345

interface vlan 99
  vrf router1
  ...

i-sid 12345
  c-vid 567 port 1/25
# i.e. there's also a flex-uni for with that i-sid on the routing switch (in case that's important)

I tried

filter acl 101 type inVlan name "ipv4 and arp only"
filter acl vlan 101 99
filter acl ace 101 11 name "allow ipv4"
filter acl ace action 101 11 permit count
filter acl ace ethernet 101 11 ether-type eq ip
filter acl ace 101 11 enable

But counters stay at 0.
I also tried dropping some traffic but that didn't work. 
Leading me to the conclusion that I'm missing something basic.

This seems to easy to fail 😉 Please advise.

Platform is 5520, FE 9.0

0 Kudos
2 REPLIES 2

Roger_Lapuh
Extreme Employee

4 weeks ago

did you try inVSN filter instead?

0 Kudos

jeronimo
Contributor III
In response to Roger_Lapuh

4 weeks ago

Not yet. Usually I don't try random things but would like to understand why one doesn't work and something else must be chosen.

0 Kudos
GTM-P2G8KFN