Are the ACLs in Cat3560 stateful or stateless?

Answered Question
Aug 1st, 2010
Hello


Do the ACLs in the Catalyst 3560 work like a stateful or a stateless firewall in the latest software version?

Correct Answer by Jon Marshall about 6 years 8 months ago

alexandrfedchenko wrote:


Hello


Do the ACLs in the Catalyst 3560 work like a stateful or a stateless firewall in the latest software version?


Alexandr


Standard and extended ACLs on all devices are stateless, i.e. they check each packet in isolation. You can use the keyword "established" in an extended ACL for TCP connections to check the SYN/ACK in the packets, and you can use reflexive access-lists, which are a little more stateful, although I'm not sure the 3560 supports reflexive ACLs.


Jon

CSCO11584685 Mon, 08/02/2010 - 05:30
AFAIK if you use a reflexive ACL then it is stateful, if you use the normal ACL then it would be stateless.

Correct Answer
Jon Marshall Mon, 08/02/2010 - 08:12

alexandrfedchenko Mon, 08/02/2010 - 23:16
"I'm not sure the 3560 supports reflexive ACLs"

No, it doesn't.


The switch does not support these Cisco IOS router ACL-related features:

Non-IP protocol ACLs (see Table 34-1) or bridge-group ACLs

IP accounting

Inbound and outbound rate limiting (except with QoS ACLs)

Reflexive ACLs or dynamic ACLs (except for some specialized dynamic ACLs used by the switch clustering feature)

ACL logging for port ACLs and VLAN maps


http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swacl.html


Many thanks to all.
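
Added example (not from the thread or from Cisco): a small Python model of the point made in the accepted answer, comparing a per-packet `established` match with a simplified connection tracker. The `Segment` and `StatefulFilter` names and the sample addresses are constructed for illustration.

```python
from dataclasses import dataclass

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10  # TCP flag bits

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int

def established_acl(seg: Segment) -> bool:
    """Stateless model of 'permit tcp any any established': IOS matches the
    entry when the ACK or RST bit is set, looking at this one segment only."""
    return bool(seg.flags & (ACK | RST))

class StatefulFilter:
    """Simplified connection tracker (assumption, not a Cisco feature model):
    inbound traffic is admitted only for a flow opened from the inside."""
    def __init__(self) -> None:
        self.flows = set()

    def outbound(self, seg: Segment) -> None:
        if seg.flags & SYN and not seg.flags & ACK:  # initial SYN from inside
            self.flows.add((seg.src, seg.sport, seg.dst, seg.dport))

    def inbound(self, seg: Segment) -> bool:
        return (seg.dst, seg.dport, seg.src, seg.sport) in self.flows

# Constructed sample traffic (documentation address ranges).
OUTBOUND = [Segment("10.0.0.5", 40000, "192.0.2.10", 443, SYN)]
INBOUND = [
    Segment("192.0.2.10", 443, "10.0.0.5", 40000, SYN | ACK),  # reply to inside SYN
    Segment("198.51.100.7", 80, "10.0.0.9", 22, SYN),          # new inbound connection
    Segment("198.51.100.7", 80, "10.0.0.9", 22, ACK),          # ACK, no tracked flow
]

def compare(outbound, inbound):
    """Return (stateless_verdict, stateful_verdict) for each inbound segment."""
    fw = StatefulFilter()
    for seg in outbound:
        fw.outbound(seg)
    return [(established_acl(seg), fw.inbound(seg)) for seg in inbound]

if __name__ == "__main__":
    for seg, (acl, stateful) in zip(INBOUND, compare(OUTBOUND, INBOUND)):
        print(f"{seg.src}:{seg.sport} flags={seg.flags:#04x} "
              f"established={acl} stateful={stateful}")
```

The third segment is permitted by the `established` match but not by the tracker, which is the practical meaning of "stateless" here: the ACL can only test flag bits, not whether a connection actually exists.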
