Extreme Networks

Pawel_Eljasz · ‎02-20-2019

hi guys,

I'm trying to apply an ACL to a port channel iface and I see: (nos 7.3.0aa)

An ACL is already configured on this interface or interface hierarchy.

I check:
brc_bot(config-Port-channel-47)# do show access-list int po 47 in
%Error: ACL not applied

How do I find which ACL if any is on that "interface hierarchy". ps. where in docs I can find more info on that term?

many thanks, P.

Michael_Morey · ‎02-21-2019

Pawel,

A physical interface can be part of several different pieces of your config; a simple L2/L3 port, a port channel, VE interfaces, etc.

If your Physical port is part of a trunk mode port channel that has associated VEs configured, the ACL is most likely configured on the VE. This is what the error means when it states "Interface Hierarchy" as the port is associated to a "hierarchy" of config PHY > PO > VE

code:

VDX6740(config-Ve-10)# do sh run rb 12 int ve 10
rbridge-id 12
interface Ve 10
ip access-group TEST001 in
ip proxy-arp
ip address 10.10.10.10/24
no shutdown
VDX6740(config-Ve-10)# ip access-group test001 in
%%Error: An ACL is already configured on this interface or interface hierarchy.

Michael Morey
Principal Technical Support Engineer
Extreme Networks

Pawel_Eljasz · ‎02-20-2019

hi,
I've been using that very doc and found no single instance of phrase ""interface hierarchy".

Yulia_Abitbul · ‎02-20-2019

Hi P,

You can find information about ACLs in Security configuration guide:
https://documentation.extremenetworks.com/networkos/SW/73x/nos-730-securityguide.pdf

Best Regards,
Yulia

Extreme Networks

VDX-6740 An ACL is already configured on this interface or interface hierarchy.

VDX-6740 An ACL is already configured on this interface or interface hierarchy.