07-03-2001 09:27 PM - edited 02-20-2020 09:15 PM
On our 7206VXR I have multiple Port-channel sub
interfaces...i.e ->
interface Port-channel1
no ip address
ip route-cache flow
duplex full
hold-queue 150 in
!
interface Port-channel1.10
description Upstream_ISP_1
encapsulation dot1Q 10
ip address xxx.xxx.xxx.xxx 255.255.255.252
!
interface Port-channel1.20
description Upstream_ISP_2
encapsulation dot1Q 20
ip address xxx.xxx.xxx.xxx 255.255.255.252
!
interface Port-channel1.100
description Colo_Customer_A
encapsulation dot1Q 100
ip address xxx.xxx.xxx.xxx 255.255.255.248
!
interface Port-channel1.700
description Fibre-Client_A
encapsulation dot1Q 700
ip address xxx.xxx.xxx.xxx 255.255.255.252
!
And these are only going to increase!
Is it possible to apply ACL's to individual Port-channel sub interfaces
?
I wanted to implement a generic deny ACL on all sub interfaces that
would deny things like netbios traffic, non-routable IP's, and
definitely telnet access to the router!
Any suggestions/Comments would greatly be appreciated!
Regards,
MB
07-09-2001 02:46 PM
I dont have port-channel configured to test for you. Is it not taking the commands? If not, try submitting an enhancement request through Cisco.
07-09-2001 03:02 PM
Thanks for the reply.
Assigning an ACL to one of the port-channel's sub interfaces seems apply that ACL to all port-channels...which is definitely not what I want! ;)
Regards,
MB
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: