Example: egress ttl matching access list¶
r1
hostname r1
access-list test4
deny all any all any all ttl 110-120
permit all any all any all
exit
access-list test6
deny all any all any all ttl 110-120
permit all any all any all
exit
vrf def v1
rd 1:1
exit
int eth1
vrf for v1
ipv4 addr 1.1.1.1 255.255.255.252
ipv6 addr 1234::1 ffff:ffff::
ipv4 access-group-out test4
ipv6 access-group-out test6
exit
r2
hostname r2
vrf def v1
rd 1:1
exit
int eth1
vrf for v1
ipv4 addr 1.1.1.2 255.255.255.252
ipv6 addr 1234::2 ffff:ffff::
exit
r2 tping 100 5 1.1.1.1 vrf v1 ttl 90
r2 tping 100 5 1234::1 vrf v1 ttl 90
r1 tping 100 5 1.1.1.2 vrf v1 ttl 90
r1 tping 100 5 1234::2 vrf v1 ttl 90
r2 tping 100 5 1.1.1.1 vrf v1 ttl 115
r2 tping 100 5 1234::1 vrf v1 ttl 115
r1 tping 0 5 1.1.1.2 vrf v1 ttl 115
r1 tping 0 5 1234::2 vrf v1 ttl 115
r2 tping 100 5 1.1.1.1 vrf v1 ttl 130
r2 tping 100 5 1234::1 vrf v1 ttl 130
r1 tping 100 5 1.1.1.2 vrf v1 ttl 130
r1 tping 100 5 1234::2 vrf v1 ttl 130
- Install ContainerLab as described here
- Fetch crypt-acl10 file
- Launch ContainerLab
crypt-acl10.yml
topology:
containerlab deploy --topo crypt-acl10.yml
crypt-acl10.yml
topology:
containerlab destroy --topo crypt-acl10.yml