Access list in Layer 2 switch

Answered Question
Sep 29th, 2009

Kindly explain to me how access lists work in layer 2 switches, though a layer 2 switch will forward traffic based on the CAM table.

How is an access list statement executed inside the switch processor, though the access list holds IP addresses?

Correct Answer by rducombl about 7 years 2 months ago

Hi,

It depends on what type of switch you are talking about. Some switches operating at layer 2 have a TCAM ASIC that is capable of looking up to the IP/TCP layer and filtering based on that. So you can apply an ip access-list even on layer 2 switches.

But again it all depends on the switch type.

Roland

rducombl Wed, 09/30/2009 - 02:17

Cat4506 supports all types of L3/L4 ACL applied to a VLAN interface, VACL (VLAN map),

or even a port ACL applied to a switchport.

see :

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/52sg/configuration/guide/secure.html

2950 is a bit more limited in regard to the number of ACLs you can configure. Here is the doc:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea11x/configuration/guide/swacl.html

Roland
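As an added example (not from the thread or the linked Cisco docs), this Catalyst IOS configuration shows the two L2-switch filtering options Roland names: a port ACL inbound on a switchport and a VACL applied to a VLAN. Interface names, VLAN 10 and the 10.10.10.0/24 and 192.0.2.0/24 addresses are constructed for illustration.

```cisco
! Added example: L3/L4 filtering on a switch that only bridges (no ip routing).
! Interface, VLAN number and addresses below are constructed, not from the thread.
!
! 1. Port ACL, applied inbound on an access port (inbound-only is the direction
!    the thread says the 2950 supports). The TCAM matches the IP/TCP header of
!    frames the switch would otherwise forward purely on the CAM table.
ip access-list extended CLIENT-PORT-IN
 remark Client may reach the web server (443) and the DNS server (53) only
 permit tcp 10.10.10.0 0.0.0.255 host 192.0.2.10 eq 443
 permit udp 10.10.10.0 0.0.0.255 host 192.0.2.53 eq 53
 deny   ip any any
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 ip access-group CLIENT-PORT-IN in
!
! 2. VACL (VLAN access map): filters traffic bridged inside VLAN 10, including
!    host-to-host traffic within the VLAN that a port ACL on an uplink never sees.
!    Packets permitted by the match ACL hit the clause and are dropped (SMB here);
!    the second clause has no match statement, so everything else is forwarded.
ip access-list extended VLAN10-BLOCK-SMB
 permit tcp 10.10.10.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 445
!
vlan access-map VLAN10-FILTER 10
 match ip address VLAN10-BLOCK-SMB
 action drop
vlan access-map VLAN10-FILTER 20
 action forward
!
vlan filter VLAN10-FILTER vlan-list 10
!
! Verification: hit counters increment although the switch performs no routing.
! show ip access-lists CLIENT-PORT-IN
! show vlan access-map VLAN10-FILTER
```

Platform limits apply: the 2950 restricts the number of distinct wildcard masks its hardware ACLs can hold, so a configuration that fits a Cat4506 may be rejected there.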

glen.grant Wed, 09/30/2009 - 04:19

Believe the 2950 can only filter inbound on the port, and there are other restrictions like the number of different masks you can use in the ACLs, etc... Don't think it is a widely used feature at the access layer...