What version of code are you running?

On Fri, May 1, 2009 at 12:44 PM, Youssef Ghorbal <[email protected]> wrote:
> Hello,
>
> We are migrating a ServerIronXL to a 4G SSL box. Both act in L3 mode
> (they are "routers" and not "switches").
> In the ServerIronXL we used to have an ACL on the uplink interface
> of the box. Something like:
>
> interface ethernet 1
>  ip access-group ALL-IN in
>
> The ACL is applied on the ethernet interface and not on the VE.
> In the 4G SSL box, the ip access-group command does not exist in the
> "interface ethernet 1" context, but it does in the VE context (ip interface ve
> 1).
> It seems that ACLs apply on a per-VLAN basis now.
>
> Also, in the documentation, a distinction is made between
> flow-based ACLs and rule-based ACLs, but I can't see the real difference
> between the two. In which cases is it useful to do flow-based ACLs and in
> which is it not?
>
> My problem is this:
> In the past we used to have a "big" ACL applied on the uplink port.
> The big ACL contains rules regarding all subnets (VEs) configured on the
> ServerIronXL.
> On the 4G SSL, ACLs are applied on a VE basis, and I have to choose to
> use rule-based or flow-based ACLs.
>
> Should I keep the big ACL and apply it to all VE interfaces?
> Should I make an ACL per VE (divide the big ACL into little ones)?
> Should I activate flow-based ACLs or rule-based ones? It would be
> nice if someone could explain to me the exact difference between them.
>
> Regards,
> Youssef Ghorbal
>
> _______________________________________________
> foundry-nsp mailing list
> [email protected]
> http://puck.nether.net/mailman/listinfo/foundry-nsp
