Configuration steps, Sample configurations – Brocade Multi-Service IronWare Multiprotocol Label Switch (MPLS) Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Multiprotocol Label Switch (MPLS) Configuration Guide

53-1003031-02

ACL Support for VE over VPLS

An ACL applied to the VPLS-VE interface filters inbound and outbound traffic received
from or sent to local end-points. Inbound and outbound traffic on the MPLS uplink (VPLS peer) is
not filtered by the ACL.

ACLs that have a VLAN ID in their rules cannot be applied to VE over VPLS interfaces.

VPLS-VE and ACL definition modifications require explicit rebinding to take effect.

Configuration steps

VE over VPLS uses the same ACL commands as VE for VLANs.

To configure an ACL on a VPLS-VE interface, complete the following steps.

1. Create the access-list.

2. Create the VE over VPLS interface.

3. Apply the inbound and outbound ACLs on the VPLS-VE interface.

Sample configurations

Create an “IN” and an “OUT” ACL condition on a VE over VPLS interface.

Step 1:

access-list 121 permit tcp any host 10.0.0.2
access-list 131 permit udp any host 10.0.0.100

Step 2:

vpls a 1
 router-interface ve 3
 vlan 10
  tagged ethernet 3/1 to 3/4

Step 3:

interface ve 3
 ip access-group 121 in
 ip access-group 131 out
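
The check below is an added example, not code from the Brocade guide: it audits a saved configuration for the three configuration steps (ACL defined, VE attached to a VPLS instance, ACL bound in both directions) and notes instances that have a vpls-peer, whose uplink traffic the VE ACL does not filter. It assumes indentation marks block nesting as in a saved running-config; the function name audit_vpls_ve_acls and the sample text are constructed for illustration.

```python
import re

# Constructed input: this page's first sample with ACL 131 left undefined and a vpls-peer added.
SAMPLE = """\
access-list 121 permit tcp any host 10.0.0.2
vpls a 1
 router-interface ve 3
 vpls-peer 1.1.1.2
interface ve 3
 ip access-group 121 in
 ip access-group 131 out
"""

def audit_vpls_ve_acls(config):
    """Return findings for each VE that is the router-interface of a VPLS instance."""
    defined, vpls, bound = set(), {}, {}
    cur = cur_indent = cur_ve = None
    for raw in config.splitlines():
        # Assumption: indentation marks block nesting, as in a saved running-config.
        line, indent = raw.strip(), len(raw) - len(raw.lstrip())
        if cur is not None and indent <= cur_indent:
            cur = None  # left the vpls block
        if m := re.match(r"(?:ip )?access-list (?:(?:standard|extended) )?(\S+)", line):
            defined.add(m.group(1))
        elif m := re.match(r"vpls (\S+) \d+", line):
            cur, cur_indent = vpls.setdefault(m.group(1), {"ve": None, "peer": False}), indent
        elif cur is not None and (m := re.match(r"router-interface ve (\d+)", line)):
            cur["ve"] = m.group(1)
        elif cur is not None and line.startswith("vpls-peer "):
            cur["peer"] = True
        elif m := re.match(r"interface (.+)", line):
            ve = re.fullmatch(r"ve (\d+)", m.group(1))
            cur_ve = ve.group(1) if ve else None
        elif cur_ve and (m := re.match(r"ip access-group (\S+) (in|out)\b", line)):
            bound.setdefault(cur_ve, {})[m.group(2)] = m.group(1)
    findings = []
    for name, inst in vpls.items():
        ve = inst["ve"]
        if ve is None:
            continue
        for direction in ("in", "out"):
            acl = bound.get(ve, {}).get(direction)
            if acl is None:
                findings.append(f"vpls {name} ve {ve}: no ACL bound {direction}")
            elif acl not in defined:
                findings.append(f"vpls {name} ve {ve}: ACL {acl} bound {direction} is not defined")
        if inst["peer"]:
            findings.append(f"vpls {name} ve {ve}: vpls-peer traffic is not filtered by the VE ACL")
    return findings
```

Calling audit_vpls_ve_acls(SAMPLE) returns the undefined-ACL finding for the outbound binding and the vpls-peer note; the page's first sample, indented as a saved configuration, returns an empty list.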

Create an “IN” ACL on a specific Ethernet port of a VE over VPLS interface.

Step 1:

ip access-list extended v4_acl
 permit tcp host 10.157.22.26 any eq telnet

Step 2:

vpls b 2
 router-interface ve 2
 vpls-peer 1.1.1.2
 vlan 500
  tagged ethe 4/1
 vlan 600
  tagged ethe 4/2
 vlan 700
  tagged ethe 4/2
