Port-channel sub interfaces and acl's

mbellears
Level 1

On our 7206VXR I have multiple Port-channel sub interfaces, i.e.:

interface Port-channel1
 no ip address
 ip route-cache flow
 duplex full
 hold-queue 150 in
!
interface Port-channel1.10
 description Upstream_ISP_1
 encapsulation dot1Q 10
 ip address xxx.xxx.xxx.xxx 255.255.255.252
!
interface Port-channel1.20
 description Upstream_ISP_2
 encapsulation dot1Q 20
 ip address xxx.xxx.xxx.xxx 255.255.255.252
!
interface Port-channel1.100
 description Colo_Customer_A
 encapsulation dot1Q 100
 ip address xxx.xxx.xxx.xxx 255.255.255.248
!
interface Port-channel1.700
 description Fibre-Client_A
 encapsulation dot1Q 700
 ip address xxx.xxx.xxx.xxx 255.255.255.252
!

And these are only going to increase!

Is it possible to apply ACLs to individual Port-channel sub interfaces?

I wanted to implement a generic deny ACL on all sub interfaces that would deny things like NetBIOS traffic, non-routable IPs, and definitely telnet access to the router!

Any suggestions/Comments would greatly be appreciated!

Regards,

MB

2 Replies

beth-martin
Level 5

I don’t have port-channel configured to test for you. Is it not taking the commands? If not, try submitting an enhancement request through Cisco.

Thanks for the reply.

Assigning an ACL to one of the port-channel's sub interfaces seems to apply that ACL to all port-channels... which is definitely not what I want! ;)

Regards,

MB
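
One way to see which sub interfaces actually carry an `ip access-group` binding is to parse a saved running configuration and list the bindings per sub interface. The script below is an added example, not part of the original thread; the ACL names `EDGE-IN` and `CUST-OUT` and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample in the shape of the configuration posted above; the ACL
# names EDGE-IN / CUST-OUT and the access-group lines are assumptions.
SAMPLE_CONFIG = """\
interface Port-channel1
 no ip address
!
interface Port-channel1.10
 description Upstream_ISP_1
 encapsulation dot1Q 10
 ip access-group EDGE-IN in
!
interface Port-channel1.20
 description Upstream_ISP_2
 encapsulation dot1Q 20
!
interface Port-channel1.100
 description Colo_Customer_A
 ip access-group EDGE-IN in
 ip access-group CUST-OUT out
!
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)", re.I)
ACL_RE = re.compile(r"^\s+ip access-group\s+(\S+)\s+(in|out)\s*$", re.I)

def acl_bindings(config_text):
    """Map each sub interface name to {'in': acl or None, 'out': acl or None}."""
    bindings, current = {}, None
    for line in config_text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            name = m.group(1)
            current = name if "." in name else None  # track sub interfaces only
            if current:
                bindings[current] = {"in": None, "out": None}
        elif not line.startswith(" "):  # '!' or a global command ends the stanza
            current = None
        elif current and (m := ACL_RE.match(line)):
            bindings[current][m.group(2).lower()] = m.group(1)
    return bindings

def missing_inbound(config_text, expected_acl):
    """Sub interfaces whose inbound ACL is absent or is not expected_acl."""
    return sorted(name for name, b in acl_bindings(config_text).items()
                  if b["in"] != expected_acl)

if __name__ == "__main__":
    print(acl_bindings(SAMPLE_CONFIG), missing_inbound(SAMPLE_CONFIG, "EDGE-IN"))
```

This reports only what the configuration text binds to each sub interface; whether the router filters traffic per sub interface still has to be confirmed on the device.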
