BigIron RX Series Configuration Guide 52153-1001986-01Configuring numbered and named ACLs 21Configuring ACL-based mirroring for ACLs bound to virtualinterfacesFor configurations that have an ACL bound to a virtual interface, you must configure theacl-mirror-port command on a port for each PPCR that is a member of the virtual interface. Forexample, in the following configuration ports 4/1 and 4/2 share the same PPCR while port 4/3uses another PPCR.BigIron RX(config)# vlan 10BigIron RX(config-vlan-10)# tagged ethernet 4/1 to 4/3BigIron RX(config-vlan-10)# router-interface ve 10BigIron RX(config)# interface ethernet 4/1BigIron RX(config-if-e10000-4/1)# acl-mirror-port ethernet 5/1BigIron RX(config)# interface ve 10BigIron RX(config-vif-10)# ip address 10.10.10.254/24BigIron RX(config-vif-10)# ip access-group 102 inBigIron RX(config)# access-list 101 permit ip any any mirrorIn this configuration, the acl-mirror-port command is configured on port 4/1 which is a member ofve 10. Because of this, ACL-based mirroring will apply to VLAN 10 traffic that arrives on ports 4/1and 4/2. It will not apply to VLAN 10 traffic that arrives on port 4/3 because that port uses adifferent PPCR than ports 4/1 and 4/2. To make the configuration apply ACL-based mirroring toVLAN 10 traffic arriving on port 4/3, you must add the following command to the configuration.BigIron RX(config)# interface ethernet 4/3BigIron RX(config-if-e10000-4/3)# acl-mirror-port ethernet 5/1Configuring numbered and named ACLsWhen you configure ACLs, you can refer to the ACL by a numeric ID or by an alphanumeric name(except for super ACLs, which must be assigned numeric IDs). The commands to configurenumbered ACLs are different from the commands to configure named ACLs.• To identify an ACL by a numeric ID, use 1 – 99 for a standard ACL, 100 – 199 for an extendedACL, and 500 – 599 for a super ACL. This document refers to these ACLs as numbered ACLs.• To identify an ACL by a name, first specify whether the ACL is standard or extended, thenspecify the name. This document refers to these ACLs as named ACLs. Super ACLs must beconfigured with numeric IDs only.You can configure up to 100 standard named or numbered IP ACLs, 100 extended named ornumbered IP ACLs, and 100 numbered super ACLs. Regardless of how many ACLs you configure,the BigIron RX can support a maximum of 1024 ACL entries, associated with the ACLs in anycombination.Configuring standard numbered ACLsThis section describes how to configure standard numbered ACLs with numeric IDs.• For configuration information on named ACLs, refer to “Configuring standard or extendednamed ACLs” on page 531.• For configuration information on extended ACLs, refer to “Configuring extended numberedACLs” on page 523.