Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

access list applied to switch interface ?

Hello, I have a 3550 switch configured with vlans.

I tried to apply a standard access list to one of the switch ethernet interfaces, however it would not let me.

Is it normal behaviour that if your switch has vlans configued, then you cannot apply ACLs to switch ethernet interfaces (they can only be applied to the vlan interface of the switch) ?

Thanks for any help.

  • LAN Switching and Routing

access list applied to switch interface ?


See on this link below you will find the supported ACLs:

The switch supports three applications of ACLs to filter traffic:

Router ACLs access-control routed traffic between VLANs and are applied to Layer 3 interfaces. You can apply one router ACL in each direction on an interface.

Port ACLs access-control traffic entering a Layer 2 interface. The switch does not support port ACLs in the outbound direction. You can apply only one IP access list and one MAC access list to a Layer 2 interface.

VLAN ACLs or VLAN maps access-control all packets (bridged and routed). You can use VLAN maps to filter traffic between devices in the same VLAN. VLAN maps are configured to provide access-control based on Layer 3 addresses for IP. Unsupported protocols are access-controlled through MAC addresses by using Ethernet ACEs. After a VLAN map is applied to a VLAN, all packets (routed or bridged) entering the VLAN are checked against the VLAN map. Packets can either enter the VLAN through a switch port or through a routed port after being routed.

Hope this helps.

This widget could not be displayed.