Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Port-channel sub interfaces and acl's

Unanswered Question
Jul 3rd, 2001
User Badges:

On our 7206VXR I have multiple Port-channel sub

interfaces...i.e ->

interface Port-channel1

no ip address

ip route-cache flow

duplex full

hold-queue 150 in


interface Port-channel1.10

description Upstream_ISP_1

encapsulation dot1Q 10

ip address xxx.xxx.xxx.xxx


interface Port-channel1.20

description Upstream_ISP_2

encapsulation dot1Q 20

ip address xxx.xxx.xxx.xxx


interface Port-channel1.100

description Colo_Customer_A

encapsulation dot1Q 100

ip address xxx.xxx.xxx.xxx


interface Port-channel1.700

description Fibre-Client_A

encapsulation dot1Q 700

ip address xxx.xxx.xxx.xxx


And these are only going to increase!

Is it possible to apply ACL's to individual Port-channel sub interfaces


I wanted to implement a generic deny ACL on all sub interfaces that

would deny things like netbios traffic, non-routable IP's, and

definitely telnet access to the router!

Any suggestions/Comments would greatly be appreciated!



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
beth-martin Mon, 07/09/2001 - 14:46
User Badges:
  • Bronze, 100 points or more

I don’t have port-channel configured to test for you. Is it not taking the commands? If not, try submitting an enhancement request through Cisco.

mbellears Mon, 07/09/2001 - 15:02
User Badges:

Thanks for the reply.

Assigning an ACL to one of the port-channel's sub interfaces seems apply that ACL to all port-channels...which is definitely not what I want! ;)




This Discussion