06-21-2021 01:23 PM
Can anyone explain why this is the case? From the 08.0.92e documentation:
On ICX 7850 devices only, configuration of egress ACLs is blocked on any virtual interface with an associated VLAN that contains an untagged port.
And sure enough, when I try:
(config-vif-1234)# ip access-group acl-name out
Error: Egress ACL on VE is not supported when vlan has untagged ports
It works fine on all other models we have (7450, 7650, 7750) as this is a normal thing for us. Why not here?
06-21-2021 01:36 PM
I do not have a definitive answer for you, but it seems like some kind of technical limitation on initial support for ICX 7850. I can see that note in 8090 and 8092 documentation. 8095 has a pretty large re-write from an ACL standpoint and I do not see that limitation mentioned in 8095 documentation. ACLs will generally be applied at the VLAN level starting from 8095 forward. It may be worth giving 8095d a shot for this specific use case.