09-29-2009 11:44 PM - edited 03-06-2019 07:56 AM
Kindly explain to me how access lists work in layer 2 switches, given that a layer 2 switch forwards traffic based on the CAM table.
How is an access list statement executed inside the switch processor when the access list holds IP addresses?
09-29-2009 11:49 PM
Hi,
It depends on what type of switch you are talking about. Some switches operating at layer 2 have a TCAM ASIC that is capable of looking up to the IP/TCP layer and filtering based on that. So you can apply an IP access list even on a layer 2 switch.
But again it all depends on the switch type.
Roland
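The behaviour described in this answer, as an added example that is not part of the original thread: a toy Python model of a switch port that filters on IP/TCP fields with ternary (value/mask) entries and then forwards on the CAM table. The class names, addresses and frames are constructed for illustration; a real TCAM compares all entries in parallel in hardware, and the first matching entry decides.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def ip(s):
    return int(ipaddress.IPv4Address(s))

# Care-masks: a 0 bit means "don't care" (the inverse of an IOS wildcard mask).
ANY, HOST = 0x00000000, 0xFFFFFFFF

@dataclass
class Ace:  # one ACL entry compiled to ternary form (hypothetical name)
    action: str
    src: int
    src_mask: int
    dst: int
    dst_mask: int
    proto: Optional[int] = None   # None = any IP protocol
    dport: Optional[int] = None   # None = any destination port

    def matches(self, f):
        return ((f["src_ip"] & self.src_mask) == (self.src & self.src_mask)
                and (f["dst_ip"] & self.dst_mask) == (self.dst & self.dst_mask)
                and self.proto in (None, f["proto"])
                and self.dport in (None, f["dport"]))

class L2Switch:
    def __init__(self):
        self.cam = {}        # MAC address -> port, learned from source MACs
        self.port_acl = {}   # ingress port -> ordered list of Ace

    def receive(self, port, frame):
        self.cam[frame["src_mac"]] = port              # MAC learning
        for ace in self.port_acl.get(port, []):        # first match wins
            if ace.matches(frame):
                if ace.action == "deny":
                    return "dropped"
                break                                  # permitted
        else:
            if port in self.port_acl:
                return "dropped"                       # implicit deny at end of ACL
        out = self.cam.get(frame["dst_mac"])           # forwarding is still by MAC
        return f"forward to port {out}" if out is not None else "flood"

def demo():
    sw = L2Switch()
    sw.port_acl[1] = [Ace("deny", 0, ANY, ip("10.2.2.10"), HOST, proto=6, dport=23),
                      Ace("permit", ip("10.1.1.0"), 0xFFFFFF00, 0, ANY)]
    c = dict(src_mac="aa", dst_mac="bb", src_ip=ip("10.1.1.5"), dst_ip=ip("10.2.2.10"), proto=6)
    s = dict(src_mac="bb", dst_mac="aa", src_ip=ip("10.2.2.10"), dst_ip=ip("10.1.1.5"), proto=6, dport=40000)
    return [sw.receive(1, {**c, "dport": 80}), sw.receive(2, s), sw.receive(1, {**c, "dport": 80}),
            sw.receive(1, {**c, "dport": 23}), sw.receive(1, {**c, "src_ip": ip("192.168.9.9"), "dport": 80})]
```

The ACL decides only whether the frame is dropped on ingress; the egress port for a permitted frame still comes from the MAC lookup, which is why the first permitted frame floods until the destination MAC has been learned.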
09-30-2009 12:11 AM
Hi Roland,
Kindly brief me on the 2950 switch and also the 4506 switches; it will be very helpful.
09-30-2009 02:17 AM
The Cat4506 supports all types of L3/L4 ACLs applied to a VLAN interface, VACLs (VLAN maps), or even port ACLs applied to a switchport.
See:
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/52sg/configuration/guide/secure.html
The 2950 is a bit more limited with regard to the number of ACLs you can configure. Here is the doc:
Roland
09-30-2009 04:19 AM
Believe the 2950 can only filter inbound on the port, and there are other restrictions, like the number of different masks you can use in the ACLs, etc. Don't think it is a widely used feature at the access layer...