296 Views · 0 Helpful · 1 Replies

Can't apply ACL to trunk port

rhysmcnaughton
Level 1

Hi,

I'm trying to configure a Cisco Catalyst 6500 switch to not allow traffic from our traffic generators to go over the trunk link to the rest of the network. Currently I have multiple VLANs that correspond to different lab setups, each having traffic generators on them. The trunk port is used to connect VMs to each of the setups (on different VLANs), but I'm seeing that the traffic generators sometimes flood the trunk link and cause management to be unusable.

I want to configure a port-based ACL to block traffic from the traffic generators from going over the trunk port but I don't see the "ip access-group" command available on this interface.

Here's the config for my trunk interface:


CATALYST2#show run int gi1/1
Building configuration...

Current configuration : 124 bytes
!
interface GigabitEthernet1/1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
end


When I go into config mode and try to tie an ACL to the interface, the command isn't available:


CATALYST2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
CATALYST2(config)#int gi1/1
CATALYST2(config-if)#ip access-group ?
% Unrecognized command

Any idea why? I need a way to block this traffic (either via IP or MAC ACLs). My understanding is that trunk ports are able to have port-based ACLs applied to them that will act on all VLANs, but I can't seem to do it.

Thanks for your help in advance!


1 Reply

rhysmcnaughton
Level 1

After some more research, I noticed that to configure a PACL on a trunk port, you must first configure port prefer mode. The command to put a trunk port in port prefer mode is "access-group mode prefer port" on the interface. Unfortunately that command isn't available in my CLI either... Still stuck.
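For readers landing on this thread, here is an added configuration illustration (not the poster's config, and not a confirmed fix for the missing command) showing the two places a Catalyst 6500 can filter this kind of traffic: the PACL-on-trunk approach the thread discusses, and a VLAN ACL as the alternative. All addresses, VLAN IDs and ACL names are constructed; the generator and VM ranges are assumptions to be replaced with the real lab subnets.

```cisco
! Added illustration, not the poster's configuration. Constructed values:
! lab VLAN 10, traffic generators at 10.10.10.0/26, VMs reached over the trunk at 10.10.10.192/26.
!
! --- Option A: port ACL (PACL) on the trunk, as discussed in the thread ---
! The 6500 accepts a PACL on a trunk only after "access-group mode prefer port"
! (whether that command is offered depends on the IOS image and supervisor; it was
! absent in the poster's CLI). A PACL filters inbound only, so on Gi1/1 it acts on
! frames arriving from the VM side, not on generator traffic leaving toward the VMs.
ip access-list extended PACL-FROM-VMS
 remark VMs on the trunk must not reach the generator range (constructed policy)
 deny   ip 10.10.10.192 0.0.0.63 10.10.10.0 0.0.0.63
 permit ip any any
!
interface GigabitEthernet1/1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 access-group mode prefer port
 ip access-group PACL-FROM-VMS in
!
! --- Option B: VLAN ACL (VACL) on the lab VLAN ---
! A VACL applies to all traffic bridged within the VLAN regardless of direction, so it
! can drop generator-sourced frames before they are forwarded out the trunk. Inside an
! access map the matching ACL's "permit" means "match"; keep it narrow, otherwise
! generator traffic to the lab devices in the same VLAN is dropped as well.
ip access-list extended GEN-TO-VMS
 remark generator -> VM traffic to keep off the trunk (constructed ranges)
 permit ip 10.10.10.0 0.0.0.63 10.10.10.192 0.0.0.63
!
vlan access-map LAB10-FILTER 10
 match ip address GEN-TO-VMS
 action drop
vlan access-map LAB10-FILTER 20
 action forward
!
vlan filter LAB10-FILTER vlan-list 10
```

After applying either option, "show ip access-lists" shows hit counts on the deny/permit lines and "show vlan filter" confirms which VLANs the access map is bound to; if the generator traffic is not IP (raw Ethernet test frames), the same structure works with a MAC ACL ("mac access-list extended" and "match mac address") in place of the IP ACL.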
