Question

VDX-6740 An ACL is already configured on this interface or interface hierarchy.

  • 20 February 2019
  • 3 replies
  • 581 views

hi guys,

I'm trying to apply an ACL to a port channel iface and I see: (nos 7.3.0aa)

An ACL is already configured on this interface or interface hierarchy.

I check:
brc_bot(config-Port-channel-47)# do show access-list int po 47 in
%Error: ACL not applied

How do I find which ACL, if any, is on that "interface hierarchy"? P.S. Where in the docs can I find more info on that term?

many thanks, P.

3 replies

Userlevel 3
Hi P,

You can find information about ACLs in the Security Configuration Guide:
https://documentation.extremenetworks.com/networkos/SW/73x/nos-730-securityguide.pdf

Best Regards,
Yulia

hi,
I've been using that very doc and found not a single instance of the phrase "interface hierarchy".

Userlevel 3
Pawel,

A physical interface can be part of several different pieces of your config; a simple L2/L3 port, a port channel, VE interfaces, etc.

If your physical port is part of a trunk mode port channel that has associated VEs configured, the ACL is most likely configured on the VE. This is what the error means when it states "Interface Hierarchy", as the port is associated to a "hierarchy" of config: PHY > PO > VE.

code:
VDX6740(config-Ve-10)# do sh run rb 12 int ve 10
rbridge-id 12
interface Ve 10
ip access-group TEST001 in
ip proxy-arp
ip address 10.10.10.10/24
no shutdown
VDX6740(config-Ve-10)# ip access-group test001 in
%%Error: An ACL is already configured on this interface or interface hierarchy.
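
The PHY > PO > VE lookup described in the reply above, as an added example that is not part of the original thread or of the vendor's tooling: a Python script that walks a saved running-config and lists every access-group binding in one port channel's hierarchy. The sample config is constructed; the `channel-group` and `switchport` line formats, the `ipv6`/`mac` access-group variants, and the mapping of VE number to VLAN ID are assumptions.

```python
import re

# Constructed sample modelled on the thread's running-config output. The
# channel-group and switchport lines are assumed syntax, not from the page.
SAMPLE = """\
interface Port-channel 47
 switchport mode trunk
 switchport trunk allowed vlan add 10,20-21
!
interface TenGigabitEthernet 12/0/1
 channel-group 47 mode active type standard
!
rbridge-id 12
 interface Ve 10
  ip access-group TEST001 in
  ip address 10.10.10.10/24
"""

def parse_interfaces(text):
    """Map (type, id) -> stripped config lines found under that interface."""
    stanzas, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"interface (\S+) (\S+)$", line):
            current = stanzas.setdefault(m.groups(), [])
        elif line in ("!", ""):
            current = None
        elif current is not None:
            current.append(line)
    return stanzas

def expand_vlans(spec):
    """'10,20-21' -> ['10', '20', '21']"""
    bounds = [p.partition("-") for p in spec.split(",")]
    return [str(v) for lo, _, hi in bounds for v in range(int(lo), int(hi or lo) + 1)]

def hierarchy_acls(text, po_id, direction="in"):
    """(interface, ACL) bindings on the PHY > PO > VE chain of one port channel."""
    cfg, po = parse_interfaces(text), ("Port-channel", po_id)
    vlan_re = re.compile(r"switchport (?:trunk allowed|access) vlan (?:add )?([\d,-]+)$")
    vlans = [v for l in cfg.get(po, []) if (m := vlan_re.match(l))
             for v in expand_vlans(m.group(1))]
    members = [k for k, ls in cfg.items()
               if any(l.startswith(f"channel-group {po_id} ") for l in ls)]
    # Assumption: a VE's number equals the VLAN ID it routes for.
    chain = members + [po] + [("Ve", v) for v in vlans]
    acl_re = re.compile(rf"(?:ip|ipv6|mac) access-group (\S+) {direction}$")
    return [(" ".join(k), m.group(1)) for k in chain
            for l in cfg.get(k, []) if (m := acl_re.match(l))]

print(hierarchy_acls(SAMPLE, "47"))
```

An empty result for the port channel itself alongside a hit on a VE matches the situation in the thread, where `show access-list int po 47 in` reports nothing while the hierarchy still holds a binding.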
