Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
16356
Views
3
Helpful
4
Replies

Access list in Layer 2 switch

Go to solution
SANTHOSHKUMAR SARAVANAN
Level 4
Level 4

‎09-29-2009 11:44 PM - edited ‎03-06-2019 07:56 AM

kindly explain me how access list works in layer 2 switches , though layer 2 switch will forward traffic based on CAM table .

How access list statement is excute inside switch processor though access list hold ip address .

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
rducombl
Cisco Employee
Cisco Employee

‎09-29-2009 11:49 PM

Hi,

It depends on what type of switch you are talking about. Some switches operating at layer 2 have a TCAM ASIC that is capable to look up to IP/TCP layer and filter based on that. So you can apply ip access-list even on a layer 2 switches.

But again it all depends on the switch type.

Roland

View solution in original post

4 Replies 4

Go to solution
rducombl
Cisco Employee
Cisco Employee

‎09-29-2009 11:49 PM

Hi,

It depends on what type of switch you are talking about. Some switches operating at layer 2 have a TCAM ASIC that is capable to look up to IP/TCP layer and filter based on that. So you can apply ip access-list even on a layer 2 switches.

But again it all depends on the switch type.

Roland

Go to solution
SANTHOSHKUMAR SARAVANAN
Level 4
Level 4
In response to rducombl

‎09-30-2009 12:11 AM

Hi roland

kindly brief me for 2950 switch ,and also 4506 switches , it will be much helpful

0 Helpful

Go to solution
rducombl
Cisco Employee
Cisco Employee
In response to SANTHOSHKUMAR SARAVANAN

‎09-30-2009 02:17 AM

Cat4506 support all type of L3/L4 ACL applied to Vlan interface, VACL (vlan map)

or even port acl applied to switchport.

see :

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/52sg/configuration/guide/secure.html

2950 is a bit more limited in regards to amount of acl you can configure. Here is the doc :

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea11x/configuration/guide/swacl.html

Roland

0 Helpful

Go to solution
glen.grant
VIP Alumni
VIP Alumni
In response to SANTHOSHKUMAR SARAVANAN

‎09-30-2009 04:19 AM

Believe the 2950 can only filter inbound on the port and there are other restrictions like the amount of different masks you can use in the ACL's etc... Don't think it is a widely used feature at the access layer...

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card