ACL on port channel.

gemini.kadam · ‎12-08-2004

Hi

I want apply acl on Port channel subinterface. can we apply acl on port channel plz help urgent.

julian.knott · ‎12-09-2004

Hi, yes you can, code below shows an ACL named sasserworn being applied to a portchannel on a 6500 series switch.

interface Port-channel1

description to switch 99

ip address 192.168.1.3 255.255.254.0

ip access-group sasserworm in

gemini.kadam · ‎12-09-2004

Hi

Thanks for the information I have 4006 switch with WS-4232 L3 Module. with IOS Ver 12.0 Can it possible in 4006 switch.

Regards...

Anil

julian.knott · ‎12-13-2004

Hi,

it appears that you can not do this on that type of switch, please see info below taken from:

http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_example09186a0080157f51.shtml

Access Control List Restrictions

The following restrictions apply when you are configuring ACLs on the Catalyst 4000 Layer 3 Services module.

ACLs are supported only on Gigabit Ethernet ports and corresponding Gigabit Ethernet subinterfaces.

ACLs are not supported on Bridge-Group Virtual Interface (BVI), Fast EtherChannel (FEC), Gigabit EtherChannel (GEC), or Fast Ethernet interfaces.

Reflexive and dynamic ACLs are not supported.

Access violations accounting is not supported.

ACL logging is supported only for permitted packets going to the CPU. Although control-plane ACLs are processed by the CPU, only the permitted packets are sent to the CPU. ACLs program a deny in the hardware before they reach the CPU and therefore cannot be logged.

ACL logging is not supported for switched packets.

Standard, Extended, and Named styles are supported ACLs for IP.

Rgds,

Julian.