Sakthi-
If you want to block IP transit traffic, remember that the provider core is running MPLS, and traffic is label switched there. An IP access-list on a P router in the core would not specifically stop the transit traffic, because the forwarding decisions are made on the tags using the LFIB and not the IP information in each packet.
Best wishes,
Keith H. Barker, CCIE #6783
Instructor
kbarker_at_ine.com
Internetwork Expert, Inc.
http://ine.com
Toll Free: 877-224-8987
Outside US: 775-826-4344
On Apr 9, 2010, at 12:59 PM, sakthi vadivel wrote:
> Hi ,
>
> Is it a right layer or location to configure ACL on MPLS PE's ? (BASED ON
> REQUIREMENT) ; For example , if i need to drop TCP port 45 packet before
> going to internet ? Is it a right practice to drop in the MPLS PE using ACL
> or Is it right to do it on Core ?
>
> As per my Cisco's knowledge , it would be on Access or Distribution layer
> .Core is to switch packet as fast as possible with redundant links ..
>
> Any inputs.?
>
> regards,
> sakthi
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Fri Apr 09 2010 - 16:15:12 ART
This archive was generated by hypermail 2.2.0 : Sat May 01 2010 - 09:49:57 ART