Cisco Support Community

Are the ACLs in Cat3560 stateful or stateless?

Hello

Do the ACLs in the Catalyst 3560 work like a stateful or a stateless firewall in the latest software version?

Accepted Solutions

Re: Are the ACLs in Cat3560 stateful or stateless?

alexandrfedchenko wrote:

Hello

Do the ACLs in the Catalyst 3560 work like a stateful or a stateless firewall in the latest software version?

Alexandr

Standard and extended ACLs on all devices are stateless, i.e. they check each packet in isolation. You can use the keyword "established" in an extended ACL for TCP connections to check the syn/ack in the packets, and you can use reflexive access-lists, which are a little more stateful, although I'm not sure the 3560 supports reflexive ACLs.

Jon

3 REPLIES

Re: Are the ACLs in Cat3560 stateful or stateless?

AFAIK, if you use a reflexive ACL then it is stateful; if you use a normal ACL then it would be stateless.

Re: Are the ACLs in Cat3560 stateful or stateless?

"I'm not sure the 3560 supports reflexive ACLs"

No, it doesn't.

The switch does not support these Cisco IOS router ACL-related features:

Non-IP protocol ACLs (see Table 34-1) or bridge-group ACLs

IP accounting

Inbound and outbound rate limiting (except with QoS ACLs)

Reflexive ACLs or dynamic ACLs (except for some specialized dynamic ACLs used by the switch clustering feature)

ACL logging for port ACLs and VLAN maps

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swacl.html

Many thanks to all.
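
The difference discussed in this thread, as an added example (not code from any poster or from Cisco): a Python model of an extended ACL entry with `established`, which matches any TCP segment that has the ACK or RST bit set, next to a minimal connection-tracking filter. The class and function names and the sample addresses are assumptions made for the illustration.

```python
from dataclasses import dataclass

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int


def stateless_established(seg):
    """Model of `permit tcp any any established`: the segment is judged in
    isolation and matches when its ACK or RST bit is set."""
    return bool(seg.flags & (ACK | RST))


class StatefulFilter:
    """Minimal connection tracking: an inbound segment passes only when an
    inside host opened the matching flow first."""

    def __init__(self):
        self.flows = set()

    def outbound(self, seg):
        if seg.flags & SYN and not seg.flags & ACK:  # initial SYN from inside
            self.flows.add((seg.src, seg.sport, seg.dst, seg.dport))

    def inbound(self, seg):
        # A reply mirrors a recorded flow: addresses and ports swapped.
        return (seg.dst, seg.dport, seg.src, seg.sport) in self.flows


def compare(outbound_history, inbound):
    """Return (stateless verdict, stateful verdict) for each inbound segment."""
    fw = StatefulFilter()
    for seg in outbound_history:
        fw.outbound(seg)
    return [(stateless_established(s), fw.inbound(s)) for s in inbound]


# Constructed sample traffic, using documentation address ranges.
INSIDE, OUTSIDE, OTHER = "192.0.2.10", "198.51.100.5", "203.0.113.9"
OUT = [Segment(INSIDE, 40000, OUTSIDE, 443, SYN)]
IN = [
    Segment(OUTSIDE, 443, INSIDE, 40000, SYN | ACK),  # reply to the inside SYN
    Segment(OTHER, 443, INSIDE, 40001, ACK),          # ACK with no prior flow
    Segment(OTHER, 5555, INSIDE, 22, SYN),            # new inbound connection
]
```

The second sample segment is where the two models disagree: the `established` match accepts it on flag bits alone, while the connection-tracking model rejects it because no inside host opened that flow.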
