Tuesday, March 13, 2018

Access Control List (ACL) odd behavior on Brocade VDX 6740.


Recently I was trying to configure ACLs on several of my VLANs with mixed results. Some would work, some wouldn't. Sometimes they'd work fine from one access layer switch and not work from another. I filed a ticket with Brocade and they suggested I upgrade my firmware to NOS 6.0.2f, but that didn't help either.

Here's an example of one of my virtual interfaces on the router:

rbridge-id 1
 interface Ve 55
  ip access-group vlan55acl in
  ip dhcp relay address 10.100.110.29
  ip proxy-arp
  ip address 10.100.55.2/24
  vrrp-extended-group 55
   virtual-ip 10.100.55.1
   advertisement-interval 1
   enable
   no preempt-mode
   short-path-forwarding
  !
  no shutdown

After LOTS of banging my head against a wall I finally discovered that the short-path-forwarding command in the VRRP group was to blame. Occasionally traffic would arrive at a VE from an odd direction and would be stopped by the access list. Removing the short-path-forwarding command from the VRRP groups on all rbridges solved my problem:

rbridge-id 1
 interface Ve 55
  ip access-group vlan55acl in
  ip dhcp relay address 10.100.110.29
  ip proxy-arp
  ip address 10.100.55.2/24
  vrrp-extended-group 55
   virtual-ip 10.100.55.1
   advertisement-interval 1
   enable
   no preempt-mode
  !
  no shutdown
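To catch this combination before it bites, here is a small audit script (an added example, not part of the original post) that walks a NOS running-config and flags every Ve interface that has both an inbound ip access-group and a VRRP-E group with short-path-forwarding. The config fragment it parses is constructed to look like the one above; the function name and output format are my own.

```python
import re

# Constructed running-config fragment shaped like the one in the post: Ve 55 combines an
# inbound ACL with short-path-forwarding (flagged); Ve 56 has the ACL but not SPF (clean).
SAMPLE_CONFIG = """\
rbridge-id 1
 interface Ve 55
  ip access-group vlan55acl in
  vrrp-extended-group 55
   virtual-ip 10.100.55.1
   enable
   short-path-forwarding
  !
 interface Ve 56
  ip access-group vlan56acl in
  vrrp-extended-group 56
   virtual-ip 10.100.56.1
   enable
  !
"""

def find_acl_spf_conflicts(config: str) -> list[dict[str, str]]:
    """Return one record per Ve interface that carries an inbound ACL *and* a VRRP-E
    group with short-path-forwarding, the combination the post found to drop traffic
    that reaches the VE over the non-master path."""
    findings: list[dict[str, str]] = []
    rbridge = ve = acl = None
    spf = False

    def flush() -> None:  # close out the interface currently being parsed
        if ve and acl and spf:
            findings.append({"rbridge": rbridge, "interface": ve, "acl": acl})

    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"rbridge-id (\d+)", line):
            flush()
            rbridge, ve, acl, spf = m.group(1), None, None, False
        elif m := re.fullmatch(r"interface (.+)", line):
            flush()
            acl, spf = None, False
            ve = m.group(1) if m.group(1).startswith("Ve ") else None  # skip physical ports
        elif m := re.fullmatch(r"ip access-group (\S+) in", line):
            acl = m.group(1)
        elif line == "short-path-forwarding":
            spf = True
    flush()
    return findings
```

Feed it the output of `show running-config` from each rbridge; any record it returns is a VE where the ACL may drop traffic that arrives via the short path.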
