
Example: ingress source port matching hierarchical access list

r1:

! Identity and logging for node r1, the filtering side of this two-router example.
! NOTE(review): the effect of the bare "buggy" keyword is not shown on this page -
! confirm what it enables before copying this header anywhere else.
! The log file path is relative (../binTmp/), so where the file lands depends on
! the directory the router process was started from.
hostname r1
buggy
!
logging file debug ../binTmp/zzz22r1-log.run
!
! Two-level ("hierarchical") filter, defined once for IPv4 (test4a/test4b) and once
! for IPv6 (test6a/test6b). Only the *b lists are bound to an interface (ethernet1).
!
! test4a / test6a: a single entry whose second port-like field is 123, all other
! fields wildcarded.
! NOTE(review): field order is read here as protocol / source / source-port /
! destination / destination-port, which fits the page title "ingress source port
! matching" - confirm against the platform documentation.
!
! test4b / test6b: sequence 10 evaluates the inner list and denies when it matches,
! sequence 20 permits everything else.
! NOTE(review): the net effect appears to be a deny-list for source port 123 with a
! default permit. That suits a test, but an ingress filter meant to protect a device
! normally ends in a deny and permits only what is known to be needed.
! Source port is chosen by the sender, so a source-port match on its own does not
! identify who sent a packet.
access-list test4a
 sequence 10 permit all any 123 any all
 exit
!
access-list test4b
 sequence 10 evaluate deny test4a
 sequence 20 permit all any all any all
 exit
!
access-list test6a
 sequence 10 permit all any 123 any all
 exit
!
access-list test6b
 sequence 10 evaluate deny test6a
 sequence 20 permit all any all any all
 exit
!
! Two routing instances. "tester" is referenced only by the telnet server at the end
! of this file; no interface in this listing is placed in it. "v1" (rd 1:1) carries
! ethernet1 and all four tunnels, both as tunnel transport and as tunnel payload vrf.
vrf definition tester
 exit
!
vrf definition v1
 rd 1:1
 exit
!
! Link towards r2 (1.1.1.1 with mask 255.255.255.252, 1234::1 with mask ffff:ffff::)
! and the only interface in this example that carries a filter: test4b for IPv4 and
! test6b for IPv6, both on ingress only. No egress list is applied.
! All four tunnels use this interface as their source, so the encapsulated tunnel
! packets arriving from r2 are presumably what these ingress lists act on.
interface ethernet1
 no description
 vrf forwarding v1
 ipv4 address 1.1.1.1 255.255.255.252
 ipv4 access-group-in test4b
 ipv6 address 1234::1 ffff:ffff::
 ipv6 access-group-in test6b
 no shutdown
 no log-link-change
 exit
!
! Four tunnels to r2 in mode pckoudp, all sourced from ethernet1 with transport and
! payload in vrf v1. They differ only in key, transport address family and inner subnet:
!   tunnel1  key 123  transport IPv4 (1.1.1.2)   inner 2.2.1.1
!   tunnel2  key 123  transport IPv6 (1234::2)   inner 2.2.2.1
!   tunnel3  key 321  transport IPv4 (1.1.1.2)   inner 2.2.3.1
!   tunnel4  key 321  transport IPv6 (1234::2)   inner 2.2.4.1
! NOTE(review): presumably the tunnel key is used as the UDP port in this mode, so the
! key 123 tunnels match test4a/test6a on ethernet1 ingress and are dropped while the
! key 321 tunnels pass - confirm against the platform documentation and the test's
! expected ping results, which are not shown on this page.
! No authentication or encryption is configured on these tunnels in this listing; the
! ingress list on ethernet1 is the only visible control on traffic reaching them.
interface tunnel1
 no description
 tunnel key 123
 tunnel vrf v1
 tunnel source ethernet1
 tunnel destination 1.1.1.2
 tunnel mode pckoudp
 vrf forwarding v1
 ipv4 address 2.2.1.1 255.255.255.0
 no shutdown
 no log-link-change
 exit
!
interface tunnel2
 no description
 tunnel key 123
 tunnel vrf v1
 tunnel source ethernet1
 tunnel destination 1234::2
 tunnel mode pckoudp
 vrf forwarding v1
 ipv4 address 2.2.2.1 255.255.255.0
 no shutdown
 no log-link-change
 exit
!
interface tunnel3
 no description
 tunnel key 321
 tunnel vrf v1
 tunnel source ethernet1
 tunnel destination 1.1.1.2
 tunnel mode pckoudp
 vrf forwarding v1
 ipv4 address 2.2.3.1 255.255.255.0
 no shutdown
 no log-link-change
 exit
!
interface tunnel4
 no description
 tunnel key 321
 tunnel vrf v1
 tunnel source ethernet1
 tunnel destination 1234::2
 tunnel mode pckoudp
 vrf forwarding v1
 ipv4 address 2.2.4.1 255.255.255.0
 no shutdown
 no log-link-change
 exit
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
! Management listener bound to vrf "tester": telnet (cleartext) with login
! authentication and exec authorization both switched off, so a connection is
! presumably accepted without any credentials.
! NOTE(review): this looks like a test-harness control channel - no interface in this
! listing sits in vrf tester - confirm. It is unrelated to the access-list feature
! being demonstrated and should not be carried into a configuration where the
! listener is reachable; use an authenticated, encrypted management protocol there.
server telnet tester
 security protocol telnet
 no exec authorization
 no login authentication
 vrf tester
 exit
!
!
end

r2:

! Identity and logging for node r2, the unfiltered peer in this two-router example.
! NOTE(review): the effect of the bare "buggy" keyword is not shown on this page -
! confirm what it enables before copying this header anywhere else.
! The log file path is relative (../binTmp/), so where the file lands depends on
! the directory the router process was started from.
hostname r2
buggy
!
logging file debug ../binTmp/zzz22r2-log.run
!
! Two routing instances. "tester" is referenced only by the telnet server at the end
! of this file; no interface in this listing is placed in it. "v1" (rd 1:1) carries
! ethernet1 and all four tunnels, both as tunnel transport and as tunnel payload vrf.
vrf definition tester
 exit
!
vrf definition v1
 rd 1:1
 exit
!
! Link towards r1 (1.1.1.2 with mask 255.255.255.252, 1234::2 with mask ffff:ffff::).
! No access-group is applied on this side in either direction: in this example the
! filtering happens only on r1's ingress, so r2 accepts whatever r1 sends.
interface ethernet1
 no description
 vrf forwarding v1
 ipv4 address 1.1.1.2 255.255.255.252
 ipv6 address 1234::2 ffff:ffff::
 no shutdown
 no log-link-change
 exit
!
! Four tunnels to r1 in mode pckoudp, all sourced from ethernet1 with transport and
! payload in vrf v1. They differ only in key, transport address family and inner subnet:
!   tunnel1  key 123  transport IPv4 (1.1.1.1)   inner 2.2.1.2
!   tunnel2  key 123  transport IPv6 (1234::1)   inner 2.2.2.2
!   tunnel3  key 321  transport IPv4 (1.1.1.1)   inner 2.2.3.2
!   tunnel4  key 321  transport IPv6 (1234::1)   inner 2.2.4.2
! NOTE(review): presumably the tunnel key is used as the UDP port in this mode, so
! packets sent from here on the key 123 tunnels are the ones r1's ingress list is
! written to drop, while the key 321 tunnels pass - confirm against the platform
! documentation.
! No authentication or encryption is configured on these tunnels in this listing.
interface tunnel1
 no description
 tunnel key 123
 tunnel vrf v1
 tunnel source ethernet1
 tunnel destination 1.1.1.1
 tunnel mode pckoudp
 vrf forwarding v1
 ipv4 address 2.2.1.2 255.255.255.0
 no shutdown
 no log-link-change
 exit
!
interface tunnel2
 no description
 tunnel key 123
 tunnel vrf v1
 tunnel source ethernet1
 tunnel destination 1234::1
 tunnel mode pckoudp
 vrf forwarding v1
 ipv4 address 2.2.2.2 255.255.255.0
 no shutdown
 no log-link-change
 exit
!
interface tunnel3
 no description
 tunnel key 321
 tunnel vrf v1
 tunnel source ethernet1
 tunnel destination 1.1.1.1
 tunnel mode pckoudp
 vrf forwarding v1
 ipv4 address 2.2.3.2 255.255.255.0
 no shutdown
 no log-link-change
 exit
!
interface tunnel4
 no description
 tunnel key 321
 tunnel vrf v1
 tunnel source ethernet1
 tunnel destination 1234::1
 tunnel mode pckoudp
 vrf forwarding v1
 ipv4 address 2.2.4.2 255.255.255.0
 no shutdown
 no log-link-change
 exit
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
! Management listener bound to vrf "tester": telnet (cleartext) with login
! authentication and exec authorization both switched off, so a connection is
! presumably accepted without any credentials.
! NOTE(review): this looks like a test-harness control channel - no interface in this
! listing sits in vrf tester - confirm. It is unrelated to the access-list feature
! being demonstrated and should not be carried into a configuration where the
! listener is reachable; use an authenticated, encrypted management protocol there.
server telnet tester
 security protocol telnet
 no exec authorization
 no login authentication
 vrf tester
 exit
!
!
end