Configuration Conflicts - Cisco Catalyst 3550 series Software Configuration Manual
Multilayer switch
Hide thumbs
Also See for Catalyst 3550 series:
- Reference manual (58 pages) ,
- Datasheet (21 pages) ,
- Manual (19 pages)
Table of Contents
Advertisement
Displaying ACL Information
Configuration Conflicts
If you attempt to enter an ACL configuration that is not allowed, for example, applying a port ACL to
an interface on a switch that has router ACLs already configured, an error message is logged.
In this example, Gigabit port 1 is a Layer 2 interface. When you try to apply access list ip3, the error
message shows that there are already ACLs applied to Layer 3 interfaces on the switch.
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# ip access-group ip3 in
Switch(config-if)#
1d18h:%FM-3-CONFLICT:Port ACL ip3 conflicts with input router ACLs
You can enter the show fm interface privileged EXEC command for an interface to determine if there
are ACL configuration conflicts or to learn the port-label number for the port. You can then enter the
show fm port-label privileged EXEC command to display more details, as shown in this example:
Switch# show fm interface gigabitethernet0/1
Conflicts exist with layer 3 access groups.
Input Port Label:2
Switch# show fm port-label 2
Conflicts exist with layer 3 access groups.
Needed in CAM(s):1
Loaded into CAM(s):1
Sent to CPU by CAM(s):
Interfaces: Gi0/1
IP Access Group:ip3 0 VMRs
DHCP Broadcast Suppression Disabled.
MAC Access Group:(None) 0 VMRs
This example shows the result of trying to apply ACL 121 to an SVI, VLAN 1, when the switch already
has ACLs applied to Layer 2 interfaces.
Switch(config)# interface vlan 1
Switch(config-if)# ip access-group 121 in
Switch(config-if)#
1d18h:%FM-3-CONFLICT:Input router ACL 121 conflicts with port ACLs
You can enter the show fm vlan privileged EXEC command for a VLAN to display the conflict and to
determine the VLAN label-ids, and then enter the show fm vlan-label command for more information.
Switch# show fm vlan 1
Conflicts exist with layer 2 access groups.
Input VLAN Label:1
Output VLAN Label:0 (default)
Priority:normal
Switch# show fm vlan-label 1
Conflicts exist with layer 2 access groups.
Input Features:
Interfaces or VLANs: Vl1
Priority:normal
Vlan Map:(none)
Access Group:121, 0 VMRs
Multicast Boundary:(none), 0 VMRs
Output Features:
Interfaces or VLANs:
Priority:low
Bridge Group Member:no
Vlan Map:(none)
Access Group:(none), 0 VMRs
Catalyst 3550 Multilayer Switch Software Configuration Guide
28-44
Chapter 28
Configuring Network Security with ACLs
78-11194-09
Advertisement
Table of Contents
Troubleshooting
