Access list in Layer 2 switch

Answered Question
Sep 29th, 2009

Kindly explain to me how an access list works in Layer 2 switches, given that a Layer 2 switch forwards traffic based on the CAM table.

How is an access list statement executed inside the switch processor, given that the access list holds IP addresses?

Overall Rating: 3.5 (2 ratings)
Correct Answer
rducombl Tue, 09/29/2009 - 23:49

Hi,


It depends on what type of switch you are talking about. Some switches operating at layer 2 have a TCAM ASIC that is capable of looking up to the IP/TCP layer and filtering based on that. So you can apply an ip access-list even on a layer 2 switch.


But again it all depends on the switch type.


Roland
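
The mechanism described in the answer above, as an added illustration that is not part of the original thread and not Cisco code: a simplified Python model in which forwarding stays an exact-match CAM lookup on the destination MAC, while an inbound port ACL is compiled into ternary value/mask rows that are matched against IP/TCP header fields. The key layout, ACL entries, MAC address and port name are constructed assumptions.

```python
import ipaddress

# Constructed sample CAM table: exact-match destination MAC -> egress port.
CAM = {"00:11:22:33:44:55": "Fa0/2"}

def key(src_ip, dst_ip, proto, dport):
    """Pack the header fields the ACL inspects into one 88-bit lookup key
    (assumed layout: src IP | dst IP | IP protocol | L4 destination port)."""
    s = int(ipaddress.IPv4Address(src_ip))
    d = int(ipaddress.IPv4Address(dst_ip))
    return (s << 56) | (d << 24) | (proto << 16) | dport

def ace(action, src, dst, proto=None, dport=None):
    """Compile one ACL entry into a ternary (value, mask, action) row.
    Mask bits set to 1 must match; bits set to 0 are "don't care"."""
    s, d = ipaddress.IPv4Network(src), ipaddress.IPv4Network(dst)
    value = key(str(s.network_address), str(d.network_address),
                proto or 0, dport or 0)
    mask = (int(s.netmask) << 56) | (int(d.netmask) << 24)
    mask |= (0xFF << 16) if proto is not None else 0
    mask |= 0xFFFF if dport is not None else 0
    return value, mask, action

# Constructed inbound port ACL, in configuration order.
PORT_ACL = [
    ace("deny", "10.1.1.0/24", "0.0.0.0/0", proto=6, dport=23),  # TCP/23
    ace("permit", "10.1.1.0/24", "0.0.0.0/0"),                   # any IP
]

def tcam_lookup(rows, k):
    """Hardware compares all rows in parallel and returns the first
    (highest-priority) hit; a loop in row order gives the same result."""
    for value, mask, action in rows:
        if (k & mask) == (value & mask):
            return action
    return "deny"  # implicit deny at the end of every ACL

def switch_frame(dst_mac, src_ip, dst_ip, proto, dport):
    """Apply the inbound port ACL, then forward purely on the CAM table."""
    if tcam_lookup(PORT_ACL, key(src_ip, dst_ip, proto, dport)) == "deny":
        return "drop"
    return CAM.get(dst_mac, "flood")  # unknown unicast is flooded
```

The switch never routes on the IP fields here: they only feed the permit/deny decision, and the egress port still comes from the MAC lookup.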

SANTHOSHKUMAR S... Wed, 09/30/2009 - 00:11

Hi Roland,

Kindly brief me on the 2950 switch and also the 4506 switches; it will be very helpful.

rducombl Wed, 09/30/2009 - 02:17


Cat4506 supports all types of L3/L4 ACLs applied to a VLAN interface, VACLs (vlan map), or even port ACLs applied to a switchport.

See:

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/52sg/configuration/guide/secure.html


The 2950 is a bit more limited with regard to the number of ACLs you can configure. Here is the doc:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea11x/configuration/guide/swacl.html


Roland

glen.grant Wed, 09/30/2009 - 04:19

Believe the 2950 can only filter inbound on the port, and there are other restrictions like the number of different masks you can use in the ACLs, etc. Don't think it is a widely used feature at the access layer...
