Im not sure about the higher end model of cisco, but you cannnot configure ACL's on port channel.
I plan to create inbound ACLs on each port to allow only the ports
Yes
Or
You can apply acl on the SVI interface.
example:
interface vlan20
description corporate-server vlan
ip addd x.x.x.x. .x.x.x.
ip access-group allow-in-ips-primary-to-backup in
ip access-list extended allow-in-ips-primary-to-backup
deny ip any 10.10.10.0 0.0.0.255
permit ip any any
Regards,
srikanth
***Please rate the helpfull posts*****