From: adz (ccie1day@totalise.co.uk)
Date: Fri Mar 14 2003 - 05:21:36 GMT-3
interfaces are logically seperate, so
access-list 169 is applied to traffic entering and leaving 19.170.156.240
subnet
access-list 102 is applied to traffic entering and leaving 192.168.11.0
subnet
It isn't more complicated than this honest!
Consider that a Vlan 10 - ISL 10 frame is an ISL frame - not an IP packet
until it has been de-capsulated by the router. Fast 0/0 and fast 0/0.10 -
isl 10 are logically separate!
Incidently, VLAN 1 using ISL trunking is a tagged frame, unlike 802.1Q - so
Vlan 1 ising ISL is usally configured like this:
!
interface FastEthernet0/0.1
encapsulation isl 1
ip address 19.170.156.242 255.255.255.248
ip access-group 169 in
ip access-group 169 out
cheers
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
kasturi cisco
Sent: 13 March 2003 19:58
To: ccielab@groupstudy.com
Subject: Access-list doubt
Group,
I have a doubt and dont have a router with trunk capabilties to test
this. Can some one confirm and direct me to the document(s) if any. I
could not locate this on Cisco.
Problem: If i have any acces-list on Physical interface and also on
sub-interface which takes precedence. See the config below.
interface FastEthernet0/0
ip address 19.170.156.242 255.255.255.248
ip access-group 169 in
ip access-group 169 out
speed 10
half-duplex
interface FastEthernet0/1.10
encapsulation isl 10
ip address 192.168.11.3 255.255.255.224
ip access-group 102 in
ip access-group 102 out
Thanks in advance for ur answers.
Good Luck,[IMAGE]
Kasturi.
------------------------------------------------------------------------
Cricket World Cup 2003 News, Views and Match Reports.
This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:39 GMT-3