Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. nsp>
  3. foundry
acls on foundry devices
anil at kadium
Jan 27, 2005, 6:41 AM
Post #1 of 2 (852 views)
Permalink
Hi,

We are using Foundry BigIron(MG8) and FastIron 4802-PREM devices in our datacenter. I'm new to foundry. I want to know the difference between applying acls on physical interfaces and virtual interfaces w.r.t both BigIron and FI4802. I observed that when we apply acls on FI4802 and do "sh access-list xxx" it's displays as below with some rule cams: (I applied this acl to a virtual routing interface)

FI4802#sh access-list xxx
Show ACL counter List......
ACL counter List : 1290 bytes

Extended IP access list xxx (Total rule cams used: 32)
permit tcp any any eq 25(Rule cams used: 1)
permit tcp any any established (Rule cams used: 1)

But if you apply an acl on BigIron to a physical interface and do "sh access-list xxx", it did not display any rule cam info. Why is it so? Any ideas?

Thanks,
Anil
acls on foundry devices [ In reply to ]
mkallen at gmail
Jan 31, 2005, 7:29 PM
Post #2 of 2 (840 views)
Permalink
Hi Anil,

The MG8 and the FI4802 use different OS images, so there are just
different features in each. The cam entries refers to the number of
entries in the layer 4 cam that are being used per acl. Really what
you are seeing is just a difference in display, the FI4802 is giving
you a little more info.

Mike

On Thu, 27 Jan 2005 11:39:26 GMT, anil at kadium.us <anil at kadium.us> wrote:
>
> Hi,
>
> We are using Foundry BigIron(MG8) and FastIron 4802-PREM devices in our datacenter. I'm new to foundry. I want to know the difference between applying acls on physical interfaces and virtual interfaces w.r.t both BigIron and FI4802. I observed that when we apply acls on FI4802 and do "sh access-list xxx" it's displays as below with some rule cams: (I applied this acl to a virtual routing interface)
>
> FI4802#sh access-list xxx
> Show ACL counter List......
> ACL counter List : 1290 bytes
>
> Extended IP access list xxx (Total rule cams used: 32)
> permit tcp any any eq 25(Rule cams used: 1)
> permit tcp any any established (Rule cams used: 1)
>
> But if you apply an acl on BigIron to a physical interface and do "sh access-list xxx", it did not display any rule cam info. Why is it so? Any ideas?
>
> Thanks,
> Anil
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal