EasyManuals Logo
Home>Cisco>Network Router>Catalyst 3550 Series

Cisco Catalyst 3550 Series User Manual

Cisco Catalyst 3550 Series
992 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #582 background imageLoading...
Page #582 background image
28-44
Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-09
Chapter 28 Configuring Network Security with ACLs
Displaying ACL Information
Configuration Conflicts
If you attempt to enter an ACL configuration that is not allowed, for example, applying a port ACL to
an interface on a switch that has router ACLs already configured, an error message is logged.
In this example, Gigabit port 1 is a Layer 2 interface. When you try to apply access list ip3, the error
message shows that there are already ACLs applied to Layer 3 interfaces on the switch.
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# ip access-group ip3 in
Switch(config-if)#
1d18h:%FM-3-CONFLICT:Port ACL ip3 conflicts with input router ACLs
You can enter the show fm interface privileged EXEC command for an interface to determine if there
are ACL configuration conflicts or to learn the port-label number for the port. You can then enter the
show fm port-label privileged EXEC command to display more details, as shown in this example:
Switch# show fm interface gigabitethernet0/1
Conflicts exist with layer 3 access groups.
Input Port Label:2
Switch# show fm port-label 2
Conflicts exist with layer 3 access groups.
Needed in CAM(s):1
Loaded into CAM(s):1
Sent to CPU by CAM(s):
Interfaces: Gi0/1
IP Access Group:ip3 0 VMRs
DHCP Broadcast Suppression Disabled.
MAC Access Group:(None) 0 VMRs
This example shows the result of trying to apply ACL 121 to an SVI, VLAN 1, when the switch already
has ACLs applied to Layer 2 interfaces.
Switch(config)# interface vlan 1
Switch(config-if)# ip access-group 121 in
Switch(config-if)#
1d18h:%FM-3-CONFLICT:Input router ACL 121 conflicts with port ACLs
You can enter the show fm vlan privileged EXEC command for a VLAN to display the conflict and to
determine the VLAN label-ids, and then enter the show fm vlan-label command for more information.
Switch# show fm vlan 1
Conflicts exist with layer 2 access groups.
Input VLAN Label:1
Output VLAN Label:0 (default)
Priority:normal
Switch# show fm vlan-label 1
Conflicts exist with layer 2 access groups.
Input Features:
Interfaces or VLANs: Vl1
Priority:normal
Vlan Map:(none)
Access Group:121, 0 VMRs
Multicast Boundary:(none), 0 VMRs
Output Features:
Interfaces or VLANs:
Priority:low
Bridge Group Member:no
Vlan Map:(none)
Access Group:(none), 0 VMRs

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 3550 Series and is the answer not in the manual?

Cisco Catalyst 3550 Series Specifications

General IconGeneral
BrandCisco
ModelCatalyst 3550 Series
CategoryNetwork Router
LanguageEnglish

Related product manuals