Cisco Support Community

Access list in Layer 2 switch

Kindly explain to me how an access list works in layer 2 switches, though a layer 2 switch will forward traffic based on the CAM table.

How is an access list statement executed inside the switch processor, though the access list holds IP addresses?

1 ACCEPTED SOLUTION

Cisco Employee

Re: Access list in Layer 2 switch

Hi,

It depends on what type of switch you are talking about. Some switches operating at layer 2 have a TCAM ASIC that is capable of looking up to the IP/TCP layer and filtering based on that. So you can apply an IP access list even on a layer 2 switch.

But again it all depends on the switch type.

Roland

4 REPLIES

Re: Access list in Layer 2 switch

Hi Roland,

Kindly brief me on the 2950 switch, and also the 4506 switches; it will be very helpful.

Cisco Employee

Re: Access list in Layer 2 switch

Cat4506 supports all types of L3/L4 ACL applied to a VLAN interface, VACL (VLAN map), or even port ACL applied to a switchport.

See:

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/52sg/configuration/guide/secure.html

The 2950 is a bit more limited with regard to the number of ACLs you can configure. Here is the doc:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea11x/configuration/guide/swacl.html

Roland

Purple

Re: Access list in Layer 2 switch

Believe the 2950 can only filter inbound on the port, and there are other restrictions like the number of different masks you can use in the ACLs, etc. Don't think it is a widely used feature at the access layer...
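
How a TCAM-style value/mask lookup lets a Layer 2 switch apply an IP ACL separately from the CAM forwarding decision, as an added example that is not part of the original thread and is not Cisco code. It is a simplified software model: the key layout, the function names and the sample ACL are assumptions constructed for illustration, and `distinct_masks` counts the resource the last reply describes as restricted on the 2950.

```python
import ipaddress
from collections import namedtuple

# One ternary entry: key bits are compared only where the mask bit is 1.
Entry = namedtuple("Entry", "value mask action")
PROTO = {"ip": None, "tcp": 6, "udp": 17}  # "ip" = match any protocol

def pack(src, dst, proto, dport):
    """Assumed 88-bit key layout: src IP | dst IP | protocol | dst port."""
    return (int(ipaddress.ip_address(src)) << 56
            | int(ipaddress.ip_address(dst)) << 24
            | proto << 16 | dport)

def compile_ace(action, proto, src, dst, dport=None):
    """Turn one ACL line into a value/mask pair, as done when the ACL is loaded."""
    s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    value = pack(s.network_address, d.network_address, PROTO[proto] or 0, dport or 0)
    mask = pack(s.netmask, d.netmask,
                0xFF if PROTO[proto] else 0, 0xFFFF if dport else 0)
    return Entry(value, mask, action)

def lookup(tcam, src, dst, proto, dport):
    """First matching entry wins; hardware compares every entry in parallel."""
    key = pack(src, dst, proto, dport)
    for entry in tcam:
        if key & entry.mask == entry.value:
            return entry.action
    return "deny"  # implicit deny at the end of an IP ACL

def distinct_masks(tcam):
    """Number of different masks the ACL needs (a limited hardware resource)."""
    return len({entry.mask for entry in tcam})

# Constructed sample ACL; addresses are illustrative only.
ACL = [
    ("deny",   "tcp", "10.1.1.0/24", "0.0.0.0/0",    23),
    ("deny",   "tcp", "10.1.2.0/24", "0.0.0.0/0",    23),   # same mask as line 1
    ("permit", "tcp", "10.1.1.0/24", "10.9.9.10/32", 443),
    ("permit", "ip",  "10.1.0.0/16", "0.0.0.0/0",    None),
]
TCAM = [compile_ace(*ace) for ace in ACL]

if __name__ == "__main__":
    print(lookup(TCAM, "10.1.1.5", "192.0.2.1", 6, 23))
    print(f"{len(TCAM)} entries use {distinct_masks(TCAM)} distinct masks")
```

The filter result comes only from header fields in the frame, so it can be computed on a port that is forwarding purely by MAC address.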
