Use this procedure to apply an IPv4 or IPv6 ACL to a VE interface (attached to a bridge-domain).
Note
For details of VE on bridge-domain, refer to
Extreme SLX-OS Layer 2 Switching Configuration Guide.
-
Enter the
configure terminal command to access global configuration mode.
device# configure terminal
-
Make sure that the Layer 3 ACL you require is defined.
- IPv4
device(config)# ip access-list extended ipv4_1
device(conf-ipacl-ext)# permit ip host 1.1.1.1 any count
device(conf-ipacl-ext)# exit
- IPv6
device(config)# ipv6 access-list standard stdV6ACL_1
device(conf-ipv6-std)# seq 10 permit 2001:db8:85a3:0:0:8a2e:370:7334
device(conf-ipv6-std)# seq 11 deny any
device(conf-ipv6-std)# exit
-
Make sure that a non-default pseudowire profile is defined, with tagging mode enabled.
device(config)# pw-profile temp
device(config-pw-profile-temp)# vc-mode tag
device(config-pw-profile-temp)# exit
-
Make sure that a logical interface is defined on a physical interface.
device(config)# interface ethernet 0/7
device(conf-if-eth-1/3)# switchport
device(conf-if-eth-1/3)# switchport mode trunk
device(conf-if-eth-1/3)# logical-interface ethernet 0/7.100
device(conf-if-eth-lif-0/7.100)# vlan 100
-
Make sure that the bridge-domain you require is configured, with a VE attached as router interface.
device(config)# bridge-domain 10
device(config-bridge-domain-10)# pw-profile temp
device(config-bridge-domain-10)# vc-id 10
device(config-bridge-domain-10)# peer 12.12.12.12
device(config-bridge-domain-10)# router-interface Ve 10
-
Access the VE attached to the bridge-domain.
device(config-bridge-domain-10)# exit
device(config)# interface ve 10
-
Enter the
ip/ipv6 access-group command, specifying the ACL that you are applying to the VE.
-
Enter the
no shutdown command.
device(config-if-Ve-10)# no shutdown
