
ACL on Port-Group as well as vNIC, what is expected behaviour?

techmail4sam
Level 1

Hi,

I have a port-group which contains two VMs (having a single vNIC each).

Till now I was applying the ACLs to the port-group and the VMs worked as per the ACLs. But then I applied a different ACL to the individual vNIC. I assumed that the traffic would be monitored at two levels, at the NIC and then at the port-group for outward access from the VM, and the reverse way for incoming traffic. But it didn't go that way. I observed that the ACL applied to the vNIC was the only deciding factor for both the in and out traffic to that VM. The question is, "is that the expected behaviour?" and if it is so, then in this scenario when does the port-group ACL come into the picture?

Please provide some insight on this behaviour.

Thanks

1 Reply

mohp
Cisco Employee

An ACL config applied on the interface (vNIC) taking precedence and overriding the port-group config is expected behavior. If the config applied through the interface (vNIC) is removed, then the config present in the port-group will be applied.

Thanks.
