It seems that GigE edge features (ACL, rate limiting) are scheduled to be addressed with the 10-GigE port card for 12400, with the "Engine 4 with extra sauce". It was supposed to be available at this time frame, can anyone confirm or deny this?

Anyway, the distributed architecture of GSR means you need to heavily look, insist and beat them regarding having all the features you need on all possible media cards, but time has shown that so far it didn't work.

So, my message to Cisco is that if Cisco wants to use the "distributed versus centralized" slogan in the war against competition, it must provide all features at all possible media interfaces: POS, GigE, ATM, channelized Tn.

Rubens Kuhl Jr.

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Leo Bicknell
Sent: Friday, October 19, 2001 12:25 PM
To: nanog@merit.edu
Subject: Re: 12000 ACL issue

On Fri, Oct 19, 2001 at 09:55:39AM +0100, James A. T. Rice <james_r-nanog@jump.org.uk> wrote:
> Does anyone else here use ACL's on subinterfaces of single GigE linecards on GSRs? As of 12.0(16S), the ability to type 'ip access-group' while in the subinterface configuration was removed, leaving me stuck on 12.0(15S3).
>
> Cisco seem to be under the impression that BBC are the only customer who used this feature, if anyone else ACL's on GigE subinterfaces, please get in touch so we can correct them.

We've been beating on them for some time over this issue. In my personal experience, you can put the ACL on the physical port - making sure of course it passes everything you want it to for _every_ vlan on that interface allowing you to filter some traffic. Basically the ACL on the physical interface seems to get applied to every subinterface.

Cisco has clearly not gotten the message, so for all those Cisco people reading this I will restate it clearly:

_ALL_ interfaces must support basic ACL's or we're not going to buy them from you. There is no such thing as an interface that doesn't need ACL's, no matter how much you rationalize it.

A number of us are already speaking out on this issue with our $$$ taking it to vendors who understand this. You don't need 50,000 line ACL's, 37 kinds of QOS, or all that other crap on every card, but the ability to do a 10 line filter is a critical feature, and not having it is like not having a routing engine, it makes the box useless.

--
Leo Bicknell - bicknell@ufp.org
Systems Engineer - Internetworking Engineer - CCIE 3440
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org