Creating ACL's with a Port Channel?

Ok i accidentally deleted the old post, but sort of figured out whats not working.

For some reason i can’t get ACLs to accept a port channel for the inbound or outbound to create a rule…

I can create a ACL to remap on Inbound port Gi0/2 vlan 20 to 2000
But i can’t create an ACL to remap Inbound port Po1 vlan 2000 to 20

I get “ERROR: Unable to set filter VLAN ID.”

If i try to set the rule using the underlying interfaces of Po1 I get ERROR: Check allowed port list. Which is obviously because those ports don’t technically exist independently anymore.

Are ACLs not supported on Port Channels?

I just attempted the following as a test without Port-Channels

I had a client tagged onto port Gi0/1 on vlan 20
Internet was available via DHCP on vlan 40 on the uplink Gi0/16

But traffic wasn’t flowing, on the switch that was attached to the uplink on Gi0/16 it never learned any mac addresses beyond the first one from the cnMatrix itself’s management mac, it never got the translated traffic.

The client was attempted as untagged vlan 20 on port Gi0/1 and then we even attempted to put an additional switch between GI0/1 and the laptop so that the client could be passed as tagged to the cnMatrix on vlan 20 to be remapped… but the traffic didn’t appear to get remapped as still the switch connected on Gi0/16 didn’t actually see the clients mac.

Currently ACL cannot be applied to port channel. As a workaround, you can apply ACL to the individual ports of the port channel.

Ex: Ports Gi 0/2, 03 are links in a port channel
interface range gi 0/2-3
mac access-group 10 in
mac access-group 20 in