The 4G SSL is running ver 11.0.00aTI4
Youssef Ghorbal
------------------------------------
On May 1, 2009, at 3:59 PM, Ryan DeBerry wrote:
What version of code are you running?
On Fri, May 1, 2009 at 12:44 PM, Youssef Ghorbal <[email protected]> wrote:
Hello,
We are migrating a ServerIronXL to a 4G SSL box. Both act in
L3 mode (they are "routers" and not "switches").
In the ServerIronXL we used to have an ACL on the uplink
interface of the box. Something like :
interface ethernet 1
ip access-group ALL-IN in
The ACL is applied on the ethernet interface and not on VE.
In the 4G SSL box, the ip access-group command does not exist
in the "interface ethernet 1" context, but it does in the VE context
(ip interface ve 1).
It seems that ACLs now apply on a per-VLAN basis.
Also, in the documentation, a distinction is made between
flow-based ACLs and rule-based ACLs, but I can't see the real
difference between the two. In which cases is it useful to do
flow-based ACLs, and in which is it not?
My problem is this :
In the past we used to have a "big" ACL applied on the uplink
port. The big ACL contains rules regarding all subnets (VEs)
configured on the ServerIronXL
On the 4G SSL, ACLs are applied on a VE basis. And I have to
choose to use rule-based or flow-based ACLs.
Should I keep the big ACL and apply it to all VE interfaces?
Should I make an ACL per VE? (divide the big ACL into little
ones)
Should I activate flow-based ACLs or rule-based ones? It
would be nice if someone could explain to me the exact difference
between them.
Regards,
Youssef Ghorbal
_______________________________________________
foundry-nsp mailing list
[email protected]
http://puck.nether.net/mailman/listinfo/foundry-nsp