I have a 4006 w/ Channel-ports. I have 2 PCs on 2/12 & 2/13, Vlan 2 & VLAN
3. I can ping both of them from each other.
I tried applying to interface port-channel, nope
I tried applying to sub-interface port-channel, nope
Applied to internal g3 & g4 multiplexed channels, it let me but nothing
happened.
I can route between VLANs, but not take advantage of L4.
I looked through the Archives, but only found ACL statements, did anyone
else have problems applying them?
Router(config)#access-list 100 deny icmp 30.0.0.2 0.0.0.255 any
Router(config-if)#ip access-group 100 out
ACL is not supported on interface Port-channel64
Router(config-subif)#ip access-group 100 in
ACL is not supported on interface Port-channel64.3ip access-group
100 in
Router(config)#interface g3
Router(config-if)#ip access-group 100 out
Router(config-if)#ip access-group 100 in
Router(config)#interface g4
Router(config-if)#ip access-group 100 out
Router(config-if)#ip access-group 100 in
Configs:
Router#sh config
Using 1430 out of 126968 bytes
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
!
ip subnet-zero
!
!
!
interface Port-channel64
no ip address
ip access-group 100 out
no ip directed-broadcast
hold-queue 300 in
!
interface Port-channel64.1
encapsulation dot1Q 1 native
ip address 10.0.0.1 255.255.255.0
no ip directed-broadcast
!
interface Port-channel64.2
encapsulation dot1Q 2
ip address 20.0.0.1 255.255.255.0
no ip directed-broadcast
!
interface Port-channel64.3
encapsulation dot1Q 3
ip address 30.0.0.1 255.255.255.0
no ip directed-broadcast
!
interface FastEthernet1
no ip address
no ip directed-broadcast
shutdown
!
interface GigabitEthernet1
no ip address
no ip directed-broadcast
shutdown
!
interface GigabitEthernet2
no ip address
no ip directed-broadcast
shutdown
!
interface GigabitEthernet3
no ip address
ip access-group 100 in
ip access-group 100 out
no ip directed-broadcast
no negotiation auto
channel-group 64
!
interface GigabitEthernet4
no ip address
ip access-group 100 in
ip access-group 100 out
no ip directed-broadcast
no negotiation auto
channel-group 64
!
ip classless
!
access-list 100 deny icmp 30.0.0.0 0.0.0.255 any
arp 127.0.0.2 0002.4bc7.0800 ARPA
!
line con 0
transport input none
line aux 0
line vty 0 4
!
end
Switch
Console> (enable) sh config
# ***** NON-DEFAULT CONFIGURATION *****
!
!
#time: Sun Aug 6 2000, 05:05:17
!
#version 5.5(1)
!
!
#system web interface version(s)
!
#frame distribution method
set port channel all distribution mac both
!
#vtp
set vtp domain bcmsn
set vlan 1 name default type ethernet mtu 1500 said 100001 state active
set vlan 2 name VLAN0002 type ethernet mtu 1500 said 100002 state active
set vlan 3 name VLAN0003 type ethernet mtu 1500 said 100003 state active
set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active
set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state
activ
e stp ieee
set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state
active st
p ibm
set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state
acti
ve mode srb aremaxhop 7 stemaxhop 7 backupcrf off
!
#ip
set interface sc0 1 10.0.0.2/255.255.255.0 10.0.0.255
set interface sl0 down
set interface me1 down
set ip route 0.0.0.0/0.0.0.0 10.0.0.1
!
#syslog
set logging level cops 2 default
!
#set boot command
set boot config-register 0x2
set boot system flash bootflash:cat4000.5-5-1.bin
!
#port channel
set port channel 2/3-4 6
set port channel 2/1-2 15
!
#module 1 : 2-port 1000BaseX Supervisor
!
#module 2 : 34-port Router Switch Card
set vlan 2 2/12
set vlan 3 2/13
set trunk 2/1 on dot1q 1-1005
set trunk 2/2 on dot1q 1-1005
set port channel 2/1-2 mode on
!
#module 3 : 6-port 1000BaseX Ethernet
!
#module 4 : 6-port 1000BaseX Ethernet
!
#module 5 empty
!
#module 6 empty
end
Matt Butcher, CCNA
Cisco Router / Switch Configuration Engineer
DynCorp Information Systems
Fairfax, VA
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
