cat 4006 - ACL not supported on Port Channel

klcheang
Level 1

Hi, I encountered this error message when I tried to define an ACL on one of the interfaces. Any idea what's wrong with my setting?

"3w3d: ACL is not supported on interface Port-channel1.1"

interface Port-channel1
 no ip address
 no ip directed-broadcast
 hold-queue 300 in
!
interface Port-channel1.1
 encapsulation dot1Q 1 native
 ip address 10.15.24.1 255.255.255.0
 no ip redirects
 no ip directed-broadcast
 ipx encapsulation NOVELL-ETHER
 ipx network 1
!
C4006(config-subif)#ip access-group 101 in
C4006(config-subif)#
3w3d: ACL is not supported on interface Port-channel1.1

4 Replies

bsivasub
Level 4

URL for reference

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/inst_nts/78_10164.htm#17101

Layer 3 ACLs are supported only on the Layer 3 Gigabit Ethernet ports and corresponding Gigabit Ethernet subinterfaces.

Thanks for your reference - we have now reconfigured our Layer 3 card so that we are now using VLAN subinterfaces on the internal gigabit interfaces 3 and 4 rather than EtherChannel. However, we are still having problems getting access controls between the VLANs working - the ACLs do seem to be applied now without any obvious errors; however, they do not seem to be matching source addresses properly, so that a host address that should be caught by the deny all gets through! Any help you can give would be greatly appreciated.

david.porter
Level 1

With the Catalyst 4006, ACLs are not supported on the two internal gigabit interfaces if you channel them. You must configure the interfaces separately if you want to use ACLs.

I have the same problem, having set up all my VLANs on port-channel subinterfaces. Does this mean I have to reconfigure the whole thing in order to apply inter-VLAN access controls? If so, how should I do this, or is there another way around this problem?
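
The reconfiguration the replies describe (unbundle the two internal gigabit interfaces and put each VLAN on a subinterface of one physical port, where `ip access-group` is accepted), as an added example that is not from any poster or from Cisco's documentation. It assumes the ports were bundled with `channel-group 1`; VLAN 2, the 10.15.25.0/24 addresses and the ACL entries are constructed for illustration.

```ios
! Added example. Only Port-channel1.1, 10.15.24.1/24 and ACL number 101
! come from the thread; everything else is constructed.
!
! 1. Remove the channel subinterface first so its IP address is free,
!    then unbundle the two internal ports (assumes channel-group 1).
no interface Port-channel1.1
interface GigabitEthernet3
 no channel-group 1
interface GigabitEthernet4
 no channel-group 1
no interface Port-channel1
!
! 2. Extended ACL 101 for traffic entering from VLAN 1 (constructed policy).
!    Wildcard masks are inverted: 0.0.0.255 matches a /24.
!    Every ACL ends with an implicit "deny ip any any".
access-list 101 permit tcp 10.15.24.0 0.0.0.255 host 10.15.25.10 eq 80
access-list 101 deny   ip 10.15.24.0 0.0.0.255 10.15.25.0 0.0.0.255
access-list 101 permit ip 10.15.24.0 0.0.0.255 any
!
! 3. Recreate each VLAN on exactly one physical port and apply the ACL
!    inbound on the subinterface that faces the source hosts.
interface GigabitEthernet3.1
 encapsulation dot1Q 1 native
 ip address 10.15.24.1 255.255.255.0
 no ip redirects
 no ip directed-broadcast
 ipx encapsulation NOVELL-ETHER
 ipx network 1
 ip access-group 101 in
!
interface GigabitEthernet4.2
 encapsulation dot1Q 2
 ip address 10.15.25.1 255.255.255.0
 no ip redirects
 no ip directed-broadcast
!
! 4. Verify from exec mode:
!    show ip interface GigabitEthernet3.1   (shows the inbound access list)
!    show access-lists 101                  (per-entry match counters)
```

Without the channel, each VLAN is carried by a single internal port, so bandwidth is balanced only by how the VLANs are split between the two ports, and the supervisor-side settings for those ports have to match the unchannelled layout.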