597 Views | 0 Helpful | 1 Replies

ACLs on Etherchannels

BigDawgFelton
Level 1

Hello everyone,

It's been a while since I've had a project working with Cisco equipment, and I have a quick question on whether I can do something or not, or how to get around it.

I am using a Catalyst 2970 switch for 2 VLANs: corporate data and a separate VLAN for backups. What I want to do is create an LACP EtherChannel to the switch and also trunk these ports so the server is part of both VLANs.

Due to the fact that some of these servers are on totally separate networks, they really shouldn't be able to talk to the backup server. Creating the VLAN for backups helps me achieve this. I plan to create inbound ACLs on each port to allow only the ports and IPs for the backup network and allow everything we need for corporate data.

I read somewhere that you can't have ACLs on an EtherChannel, and I just want to get it all straightened out. I notice I can't add an access group to the port-channel itself, but I can on the port-channel member ports. Is this all I need to do, or does this not work?

Please share your experiences with this or other recommendations you may have.

Thanks!!!

Sent from Cisco Technical Support iPhone App

1 Reply

srikanth ath
Level 4

I'm not sure about the higher-end Cisco models, but you cannot configure ACLs on a port channel.

I plan to create inbound ACLs on each port to allow only the ports

Yes

Or

You can apply the ACL on the SVI interface.

example:

ip access-list extended allow-in-ips-primary-to-backup
 deny ip any 10.10.10.0 0.0.0.255
 permit ip any any
!
interface vlan20
 description corporate-server vlan
 ip address x.x.x.x x.x.x.x
 ip access-group allow-in-ips-primary-to-backup in

Regards,

srikanth

***Please rate the helpful posts***
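As an added example (not from the thread and not Cisco's code): a small Python evaluator for the extended ACL in the reply above, so the deny/permit outcome of a flow can be checked with IOS wildcard-mask and first-match semantics before the access-group is applied. The source addresses used to exercise it are constructed, and only protocol `ip` entries (no ports) are modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Ace:
    action: str   # "permit" or "deny"
    src: str      # "any" or "<address> <wildcard>"
    dst: str

def _match(spec: str, ip: str) -> bool:
    """IOS wildcard-mask match: a 1 bit in the wildcard means 'don't care'."""
    if spec == "any":
        return True
    base, wildcard = spec.split()
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def _take_addr(tokens: list[str]) -> str:
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    t = tokens.pop(0)
    if t == "any":
        return "any"
    if t == "host":
        return f"{tokens.pop(0)} 0.0.0.0"
    return f"{t} {tokens.pop(0)}"

def parse_acl(text: str) -> list[Ace]:
    """Parse 'permit|deny ip SRC DST' entries; the 'ip access-list' header and
    remarks are skipped. Only protocol 'ip' entries (no ports) are modelled."""
    aces = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] not in ("permit", "deny"):
            continue
        action, _proto = tokens.pop(0), tokens.pop(0)
        aces.append(Ace(action, _take_addr(tokens), _take_addr(tokens)))
    return aces

def evaluate(aces: list[Ace], src_ip: str, dst_ip: str) -> str:
    """First matching entry wins; every IOS ACL ends with an implicit 'deny'."""
    for ace in aces:
        if _match(ace.src, src_ip) and _match(ace.dst, dst_ip):
            return ace.action
    return "deny"

# The ACL from the reply above; 10.10.10.0/24 is its backup subnet.
BACKUP_ACL = """ip access-list extended allow-in-ips-primary-to-backup
 deny ip any 10.10.10.0 0.0.0.255
 permit ip any any"""
```

For example, `evaluate(parse_acl(BACKUP_ACL), "192.168.20.5", "10.10.10.7")` returns `"deny"` while the same source to `10.10.11.7` returns `"permit"`, which is the behaviour the SVI access-group is meant to enforce.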
