Kaneko-San, My replies are inline below.
> On 1 Feb 2018, at 02:38, kaneko <kaneko.hito...@lab.ntt.co.jp> wrote: > > Hello, my name is Hitoshi Kaneko. > > I belong to NTT Laboratories. > > I evaluate VPP and there have been questions. > > > > (1)Question 1 > > I have wanted to evaluate Access Control List of VPP. > > About this feature, I have read VPP Documents “1.3 VAT CLI, > VPP/SecurityGroups”. > > There is a sentence “The ACL plugin does not supply the "supported" debug CLI > for configuration, but has the full support for talking to it via VAT CLI, > which are documented below” , at the beginning. > > Does this mean that to register ACL rules can be done but ACL doesn’t “work” ? > > I could register ACL rules with acl_add_replace command, but the ACL rules > did not work > You would also need to apply the acl rules to an interface via another call, acl_interface_set_acl_list, you can look here for an example: https://wiki.fd.io/view/VPP/SecurityGroups#acl_interface_set_acl_list_:_set_the_list_of_inbound.2Boutbound_ACLs_for_a_given_interface > > > (2)Question 2 > > If ACL doesn’t work about “1.3 VAT CLI, VPP/SecurityGroups”, does ACL work > about any other feature, for example, “set interface ip table” command, “set > ip source-and-port-range-check” command, and etc. . > Acl is used at this time only for ingress and egress filtering on the interfaces. Kind regards, Andrew > > > Regards, > > Hitoshi Kaneko > > > > E-mail: kaneko.hito...@lab.ntt.co.jp > > Phone: +81 422 59 4946 > > _______________________________________________ > vpp-dev mailing list > vpp-dev@lists.fd.io > https://lists.fd.io/mailman/listinfo/vpp-dev
_______________________________________________ vpp-dev mailing list vpp-dev@lists.fd.io https://lists.fd.io/mailman/listinfo/vpp-dev
