Configure ACL on 802.1Q Trunk interface

Unanswered Question
Sep 4th, 2009

Just wanted to confirm if it is possible to assign an ACL on a trunk interface. I don't think it's possible, right?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
simontibbitts Fri, 09/04/2009 - 06:34


It is possible to do it on a switch. The only thing is it filters for all VLANs.

If you are looking to do it on a router then I have just tested in my lab and it works fine. Tested on 12.4(21) - works fine:

interface FastEthernet0/1

no ip address

duplex auto

speed auto


interface FastEthernet0/1.101

encapsulation dot1Q 101

ip address

ip access-group 101 in


access-list 101 deny tcp any any eq telnet

access-list 101 permit ip any any

Hope that helps



This Discussion