Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACL on a 10G Ethernet port on a VS-S720-10G Card

I am trying to apply an ACL on a 10g ethernet port on a VS-S720-10G card but it's not showing on the options. Is the port ACL a supported option on the 10g ethernet port on a sup 720 card?.

7 REPLIES
Hall of Fame Super Blue

Re: ACL on a 10G Ethernet port on a VS-S720-10G Card

Well according to Table 3 in this link yes they are supported -

http://www.cisco.com/en/US/customer/prod/collateral/switches/ps5718/ps708/product_data_sheet09186a0080159856_ps2797_Products_Data_Sheet.html

so not sure why there are not an option. How have you configured the port ie. L2 switchport or L3 routed port ?

if a L2 switchport is it configured as a trunk ?

Jon

New Member

Re: ACL on a 10G Ethernet port on a VS-S720-10G Card

The port is configured as a trunk and a L2 port. This is the configuration of the port

switchport trunk encapsulation dot1q

switchport trunk allowed vlan xxxx,xxxx,xxxx

switchport mode trunk

switchport nonegotiate

no snmp trap link-status

and these are the options I see when under the interface config (looking for ip access-group)

router2(config-if)#ip ?     

Interface IP configuration subcommands:

  admission           Apply Network Admission Control

  arp                 Configure ARP features

  auth-proxy          Apply authenticaton proxy

  dhcp                Configure DHCP parameters for this interface

  dhcp                DHCP

  header-compression  IPHC options

  igmp                IGMP interface commands

  rsvp                RSVP interface commands

  rtp                 RTP parameters

  verify              verify

  vrf                 VPN Routing/Forwarding parameters on the interface

Thanks.....

Hall of Fame Super Blue

Re: ACL on a 10G Ethernet port on a VS-S720-10G Card

Can you add this to the port configuration -

int xxx

access-group mode prefer port

and then see if the "ip access-group ..." is available.

Jon

New Member

Re: ACL on a 10G Ethernet port on a VS-S720-10G Card

Jon,

There is still no option to configure ip access-group when configuring the trunk port with the access mode preferred port configuration.

Chris

Cisco Employee

Re: ACL on a 10G Ethernet port on a VS-S720-10G Card

ip access-group is for layer 3 interfaces.  Either change the layer 2 interface to layer 3 with "no switchport" or put the ACL on the SVI

New Member

Re: ACL on a 10G Ethernet port on a VS-S720-10G Card

Kathleen,

Thanks for the reply but as per documentation on the 6509 and on the 12.2SX IOS, Port ACL on Layer 2 is supported.

Jon,

Additional information is that it is not just on the 10G ethernet port that we are not seeing the "ip access-group option". It is not also showing up on the 1 g interface ports that is configured as a trunk.

The "ip access-group" option does show up though on a 4900M Line card but configured as private-vlan trunk.

Chris

Cisco Employee

Re: ACL on a 10G Ethernet port on a VS-S720-10G Card

Sorry about that last post, you're right.  What version are you running?  From this doc it looks like you need SXI

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/vss.html#wp1053880

With some exceptions, the VSS has feature parity with the standalone Catalyst 6500 series switch. Major exceptions include:

In software releases earlier than Cisco IOS Release 12.2(33)SXI2, the VSS does not support IPv6 unicast or MPLS.

In software releases earlier than Cisco IOS Release 12.2(33)SXI, port-based QoS and port ACLs (PACLs) are supported only on Layer 2 single-chassis or multichassis EtherChannel (MEC) links. Beginning with Cisco IOS Release 12.2(33)SXI, port-based QoS and PACLs can be applied to any physical port in the VSS, excluding ports in the VSL. PACLs can be applied to no more than 2046 ports in the VSS.

495
Views
0
Helpful
7
Replies