RE: acl placement & inheritance

From: ccie2be (ccie2be@nyc.rr.com)
Date: Wed Jul 20 2005 - 12:46:35 GMT-3


Hi Montiean,

Thanks for verifying that. I expected to see the results you got but I
wanted to be 100% sure.

What I find interesting is that a while back there was a discussion here on
GS regarding where to apply an MQC policy - to a physical interface or to
the subinterfaces. Interestingly, with MQC there are situations where the
policy applied at the physical interface level is inherited by the
sub-interface level.

As it always seems to happen, I can't remember all the details but I think
one of the factors that affects inheritance is the direction the policy is
applied.

Thanks again, Tim

-----Original Message-----
From: Montiean [mailto:noktes@bellsouth.net]
Sent: Wednesday, July 20, 2005 1:44 PM
To: ccie2be; Group Study
Subject: Re: acl placement

Hi Tim,
  I labbed it up and it does not affect anything. Are you trying to check
something?

interface Serial0/0
 no ip address
 ip access-group 55 in
 ip access-group 55 out
 encapsulation frame-relay IETF
 no fair-queue
 no frame-relay inverse-arp
 frame-relay lmi-type cisco
!
interface Serial0/0.4 point-to-point
 ip address 10.110.110.6 255.255.255.0
 frame-relay interface-dlci 604
!
interface Serial0/0.7 point-to-point
 ip address 10.100.100.6 255.255.255.0
 frame-relay interface-dlci 607

r6#show access-li 55
Standard IP access list 55
    10 deny any log

r6#ping 10.110.110.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.110.110.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
r6#ping 10.100.100.7

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.100.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/33/36 ms

HTH,
Montiean

----- Original Message -----
From: "ccie2be" <ccie2be@nyc.rr.com>
To: "Group Study" <ccielab@groupstudy.com>
Sent: Wednesday, July 20, 2005 5:57 AM
Subject: acl placement

> Hi guys,
>
> Let's say I have a f/r hub and spoke topology where the hub has 2 p2p
> sub-interfaces.
>
> I also have to filter the same traffic from both spokes.
>
> If I apply the acl to the physical interface will that have the same effect
> as applying the acl to both sub-interfaces?
>
> Sorry for posting this but at the moment I can't test this myself.
>
> TIA, Tim
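
An added example, not part of the original thread: a small Python audit that applies the lab result reported above (an ACL on the physical interface did not filter the point-to-point subinterfaces) by flagging subinterfaces that lack an access-group their parent carries. The function names and the sample config are constructed for illustration; the sample gives Serial0/0.7 its own inbound ACL for contrast.

```python
import re

# Constructed sample modeled on the hub config in the thread (assumption).
SAMPLE_CONFIG = """\
interface Serial0/0
 ip access-group 55 in
 ip access-group 55 out
!
interface Serial0/0.4 point-to-point
 ip address 10.110.110.6 255.255.255.0
 frame-relay interface-dlci 604
!
interface Serial0/0.7 point-to-point
 ip address 10.100.100.6 255.255.255.0
 ip access-group 55 in
 frame-relay interface-dlci 607
"""

def parse_access_groups(config):
    """Map each interface name to {direction: acl} from its ip access-group lines."""
    groups, current = {}, None
    for line in config.splitlines():
        head = re.match(r"interface\s+(\S+)", line)
        acl = re.match(r"\s+ip access-group\s+(\S+)\s+(in|out)\s*$", line)
        if head:
            current = head.group(1)
            groups[current] = {}
        elif not line.startswith(" "):
            current = None  # "!" or a global command ends the interface block
        elif acl and current:
            groups[current][acl.group(2)] = acl.group(1)
    return groups

def unfiltered_subinterfaces(config):
    """List (subinterface, direction, parent_acl) where only the parent carries the ACL."""
    groups = parse_access_groups(config)
    findings = []
    for name, acls in groups.items():
        parent, dot, _ = name.partition(".")
        if not dot or parent not in groups:
            continue  # not a subinterface, or parent block not in this config
        for direction, acl in sorted(groups[parent].items()):
            if direction not in acls:
                findings.append((name, direction, acl))
    return findings

if __name__ == "__main__":
    for sub, direction, acl in unfiltered_subinterfaces(SAMPLE_CONFIG):
        print(f"{sub}: ACL {acl} {direction} is only on the parent interface")
```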



This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:30 GMT-3