
ACL on VLAN in VRF (flex-uni)

jeronimo
Contributor III

So we have a flex-uni port on one switch, with i-sid mapped to VLAN on another which is routing the traffic (in a dedicated VR).

All of that works. Now the question is: how do I filter it on the routing switch, i.e. assign an access control list to it?

So the ingress switch has the flex-uni port

interface gi 1/1
flex-uni enable
i-sid 12345 
  untagged port 1/1

The routing switch uses

vlan i-sid 99 12345

interface vlan 99
  vrf router1
  ...

i-sid 12345
  c-vid 567 port 1/25
# i.e. there's also a flex-uni with that i-sid on the routing switch (in case that's important)

I tried

filter acl 101 type inVlan name "ipv4 and arp only"
filter acl vlan 101 99
filter acl ace 101 11 name "allow ipv4"
filter acl ace action 101 11 permit count
filter acl ace ethernet 101 11 ether-type eq ip
filter acl ace 101 11 enable

But counters stay at 0.
I also tried dropping some traffic but that didn't work. 
Leading me to the conclusion that I'm missing something basic.

This seems too easy to fail 😉 Please advise.

Platform is 5520, FE 9.0
