Example: egress ttl matching hierarchical access list¶
r1
hostname r1
access-list test4a
permit all any all any all ttl 110-120
exit
access-list test6a
permit all any all any all ttl 110-120
exit
access-list test4b
evaluate deny test4a
permit all any all any all
exit
access-list test6b
evaluate deny test6a
permit all any all any all
exit
vrf def v1
rd 1:1
exit
int eth1
vrf for v1
ipv4 addr 1.1.1.1 255.255.255.252
ipv6 addr 1234::1 ffff:ffff::
ipv4 access-group-out test4b
ipv6 access-group-out test6b
exit
r2
hostname r2
vrf def v1
rd 1:1
exit
int eth1
vrf for v1
ipv4 addr 1.1.1.2 255.255.255.252
ipv6 addr 1234::2 ffff:ffff::
exit
r2 tping 100 5 1.1.1.1 vrf v1 ttl 90
r2 tping 100 5 1234::1 vrf v1 ttl 90
r1 tping 100 5 1.1.1.2 vrf v1 ttl 90
r1 tping 100 5 1234::2 vrf v1 ttl 90
r2 tping 100 5 1.1.1.1 vrf v1 ttl 115
r2 tping 100 5 1234::1 vrf v1 ttl 115
r1 tping 0 5 1.1.1.2 vrf v1 ttl 115
r1 tping 0 5 1234::2 vrf v1 ttl 115
r2 tping 100 5 1.1.1.1 vrf v1 ttl 130
r2 tping 100 5 1234::1 vrf v1 ttl 130
r1 tping 100 5 1.1.1.2 vrf v1 ttl 130
r1 tping 100 5 1234::2 vrf v1 ttl 130
- Install ContainerLab as described here
- Fetch crypt-acl54 file
- Launch ContainerLab
crypt-acl54.yml
topology:
containerlab deploy --topo crypt-acl54.yml
crypt-acl54.yml
topology:
containerlab destroy --topo crypt-acl54.yml