Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Can't apply ALC to trunk port

Hi,

I'm trying to configure a Cisco Catalyst 6500 switch to not allow traffic from our traffic generators to go over the trunk link to the rest of the network. Currently I have multiple VLANs that correspond to different lab setups, each having traffic generators on them. The trunk port is used to connect VMs to each of the setups (on different VLANs) but I'm seeing that the traffic generators sometimes flood the trunk link and cause management be unusable.

I want to configure a port-based ACL to block traffic from the traffic generators from going over the trunk port but I don't see the "ip access-group" command available on this interface.

Here's the config for my trunk interface:


CATALYST2#show run int gi1/1
Building configuration...

Current configuration : 124 bytes
!
interface GigabitEthernet1/1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
end

 

When I go into config mode and try to tie an ACL to the interface, the command isn't available:


CATALYST2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
CATALYST2(config)#int gi1/1
CATALYST2(config-if)#ip access-group ?
% Unrecognized command

Any idea why? I need a way to block this traffic (either via IP or MAC ACLs). My understanding is that trunk ports are able to have port-based ACLs applied to them that will act on all VLANs but I can't seem to do it.  

Thanks for your help in advance!

 

Everyone's tags (1)
1 REPLY
New Member

After some more research, I

After some more research, I noticed that to configure a PACL on a trunk port, you must first configure port prefer mode. The command to put a trunk port in port prefer mode is "access-group mode prefer port" on the interface. Unfortunately that command isn't available in my CLI either... Still stuck. 

92
Views
0
Helpful
1
Replies
CreatePlease login to create content