Correction: 3550 - ip acl's on trunks

From: Bob Sinclair (bsinclair@netmasterclass.net)
Date: Mon Apr 26 2004 - 11:58:30 GMT-3

• Next message: ccie2be: "Re: Correction: 3550 - ip acl's on trunks"
• Previous message: Bob Sinclair: "Re: 3550 - ip acl's on trunks"
• Next in thread: ccie2be: "Re: Correction: 3550 - ip acl's on trunks"
• Maybe reply: ccie2be: "Re: Correction: 3550 - ip acl's on trunks"
• Maybe reply: Bob Sinclair: "Re: Correction: 3550 - ip acl's on trunks"
• Maybe reply: ccie2be: "Re: Correction: 3550 - ip acl's on trunks"
• Maybe reply: Bob Sinclair: "Re: Correction: 3550 - ip acl's on trunks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Tim,

After more further reflection, it looks like applying port acls to physical
ports in an etherchannel is supported. What is not supported is applying an
access-list to a L2 PortChannel Interface. When the docs refer to an
"Etherchannel interface", they appear to mean the PortChannel Interface (L2
or L3), not the physical ports in the channel.

Bob Sinclair
CCIE #10427, CISSP, MCSE
www.netmasterclass.net

----- Original Message -----
From: "Bob Sinclair" <bsinclair@netmasterclass.net>
To: "Tim Last" <packtmon@yahoo.com>; "Group Study" <ccielab@groupstudy.com>
Sent: Monday, April 26, 2004 10:43 AM
Subject: Re: 3550 - ip acl's on trunks

> Tim,
>
> The documentation says port acls are not permitted on (L2) etherchannel
> interfaces. Router acls are allowed on PO interfaces. I would take
this
> as sound advice, though I have found that port acls applied to L2
> etherchannel interfaces are effective.
>
> Docs say that port acls applied to trunk ports will filter all vlans on
the
> trunk, which appears to work in practice.
>
> HTH,
>
> Bob Sinclair
> CCIE #10427, CISSP, MCSE
> www.netmasterclass.net
>
> ----- Original Message -----
> From: "Tim Last" <packtmon@yahoo.com>
> To: "Group Study" <ccielab@groupstudy.com>
> Sent: Monday, April 26, 2004 10:13 AM
> Subject: 3550 - ip acl's on trunks
>
>
> > Hi guys,
> >
> > I know that standard and extended ip acl's work without any additional
> configuration statements on regular Cat 3550 L2 access ports (assuming the
> acl isn't being used for QoS purposes).
> >
> > Is this also true if the port is a trunk or if ports have been grouped
> into an etherchannel?
> >
> > Also, can ip acl's be applied to SVI's?
> >
> > Thanks in advanced, Tim
> >
> >
> > ---------------------------------
> > Do you Yahoo!?
> > Yahoo! Photos: High-quality 4x6 digital prints for 25"
> >
> > _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: ccie2be: "Re: Correction: 3550 - ip acl's on trunks"
• Previous message: Bob Sinclair: "Re: 3550 - ip acl's on trunks"
• Next in thread: ccie2be: "Re: Correction: 3550 - ip acl's on trunks"
• Maybe reply: ccie2be: "Re: Correction: 3550 - ip acl's on trunks"
• Maybe reply: Bob Sinclair: "Re: Correction: 3550 - ip acl's on trunks"
• Maybe reply: ccie2be: "Re: Correction: 3550 - ip acl's on trunks"
• Maybe reply: Bob Sinclair: "Re: Correction: 3550 - ip acl's on trunks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:55 GMT-3