I'm sorry, but ACL's are supported on E0's and E1's. Whoever told you otherwise is incorrect. I worked on numerous accounts while at Cisco, and have multiple deployments at my new employers where ACL's are implemented on E1 8-port FE, E1 1-port GE, E0 1-port ATM OC12, E1 12-port DS3's, plus many others. This includes GSR's running 12.0(6)S, 12.0(9)S, 12.0(14)S, 12.0(16)S, and 12.0(17)S1 (plus numerous images in between that I can't remember).

Are you confusing the limitation that the ACL's must be inbound and not outbound? In other words, when you went to migrate your 7500's config, which probably followed the prior recommendation of outbound ACL's, it failed?

Because of the design of the GSR, all ACL's are actually processed on the inbound interface, regardless of how you define the ACL's (this will change with the E3 and E4+ based cards), and given certain versions of IOS you can define outbound ACL's that the router translates into inbound ACL's for you (again with further limitations). This is highly looked down upon by the TAC.

I also do not believe that they are planning a 10 port GE card based on the E3. It is also a 2.5 Gig engine, so you would have massive oversubscription should that turn out to be the case. E4's are the 10Gig engine, and there are various ones under development, but you should talk to your account team about the status of them.

David

-----Original Message-----
From: Andrew C. Ohnstad [mailto:andrewo@gblx.net]
Sent: Monday, July 23, 2001 11:12 AM
To: David Sinn
Cc: Mikael Abrahamsson; nanog@merit.org
Subject: Re: Netflow bug on 3-GE cards (Trident) in Cisco GSRs

On Mon, Jul 23, 2001 at 10:42:26AM -0700, David Sinn wrote:
> I beg to differ.
>
> As a former employee of Cisco, your comments about ACL's on E0 and E1 cards are totally off base. I'm not sure where you got this "information", but it is most certainly not the case.
>
> Standard ACL's & Extended ACL's have been supported by the E0's and E1's that were released in 12.0(5)S (most) and 12.0(6)S (2 port OC-12 DPT) versions of IOS. This includes the 8 port FE and 1 port GE cards. This includes support by the development organization that oversees software on the GSR, and by the TAC. (Whether the TAC engineer is capable of supporting you is another issue.)

I apologize, I made a couple mistakes in my response. ACLs are not supported on E0 and E1 Gig/FE cards. You used to be able to do them anyways, but they didn't work. They were removed in recent releases. They will be supported by (and re-enabled on) the Engine3 10 port GigE cards under development.

We found this out the hard way when we upgraded a pair of GSRs with GigE "DMZ" type interfaces behind it. We had to scramble to install 7xxx series routers to serve as dedicated DMZ routers and do the ACLs on them.

--
=-=andrewo