10-26-2020 11:34 PM
Hello,
When I try to apply an ACL to a Layer2 port, I am having this message. Does anyone know how to do it on nxos?
SPOR-MPLS(config-if)# show run interface ethernet 1/7
interface Ethernet1/7
switchport mode trunk
switchport trunk allowed vlan 818
SPOR-MPLS(config-if)# ip access-group multicast in
This access-list configuration is not allowed when the port is a switchport or a port-channel member
10-27-2020 01:27 AM
it is a L2 interface and you are attempting to assign a L3 ACL on a L2 interface, it required to apply in L3 interface where it located.
here is reference :
10-27-2020 02:14 AM
Hello again,
Since I could do it on ios (and it worked), I wonder if it was possible on nxos too.
Is this the difference between ios and nxos?
SE#show ip access-lists 107
Extended IP access list 107
10 permit ip any any
SE#show run interface fastEthernet 0/7
Building configuration...
Current configuration : 109 bytes
!
interface FastEthernet0/7
switchport access vlan 404
switchport mode access
ip access-group 107 in
end
10-27-2020 03:19 AM
Hi,
It's supported on IOS, but not supported on NX-OS.
You need Port ACL instead:
interface FastEthernet0/7
ip port access-group 107 in
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide