Cisco Support Community
New Member

Can ACL block source and dest IP on layer 2 interface?

I want to allow only a few subnets across the trunk link switch.

Can an ACL block source and dest IP on a layer 2 interface? e.g.

int Gi0/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 3,4
ip access-group ACL-LIST in
!

OR

Can an ACL only block traffic on a layer 3 interface? e.g.

interface vlan 100
ip add 10.10.10.10 255.0.0.0
ip access-group ACL-LIST in

cheers

1 ACCEPTED SOLUTION

Hall of Fame Super Blue

Re: Can ACL block source and dest IP on layer 2 interface?

after1111 wrote:

Hi Jon,

3750.

I was told you can't apply an ACL on a layer 2 interface because it only reads frames, not IP. Is this true?

No, it's not true. The 3750 supports normal IP access-lists on L2 ports and L2 trunk ports, the main restriction being that they can only be applied in the inbound direction:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_50_se/configuration/guide/swacl.html#wp1667255

Jon
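
The port ACL described in the answer above, written out as an added example that is not part of the original thread. The ACL name TRUNK-IN and the 10.3.0.0/16 and 10.4.0.0/16 subnets are constructed placeholders; the interface and VLAN list are taken from the question.

```cisco
! Added example: TRUNK-IN and both subnets are constructed placeholders.
ip access-list extended TRUNK-IN
 remark Permit only the approved source/destination subnet pairs
 permit ip 10.3.0.0 0.0.255.255 10.4.0.0 0.0.255.255
 permit ip 10.4.0.0 0.0.255.255 10.3.0.0 0.0.255.255
 remark Any other IP packet hits the implicit deny at the end of the list
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 3,4
 ! Port ACL on a Layer 2 trunk: inbound is the only supported direction
 ip access-group TRUNK-IN in
!
! Verify after applying:
!   show access-lists TRUNK-IN
!   show running-config interface GigabitEthernet0/1
```

A port ACL on a trunk is evaluated for every VLAN carried on that trunk, and an IP ACL matches only IP packets, so non-IP frames are not filtered by it.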

3 REPLIES
Hall of Fame Super Blue

Re: Can ACL block source and dest IP on layer 2 interface?

Which switch?

Jon

New Member

Re: Can ACL block source and dest IP on layer 2 interface?

Hi Jon,

3750.

I was told you can't apply an ACL on a layer 2 interface because it only reads frames, not IP. Is this true?

