Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IP Inspect on a 3560 IOS

Hi all,

I have a need to use a 3560 switch to terminate a provider's internet connection, but want to secure it so that it and the vlans connected to it are not wide open. At the same time, I'd like to use stateful packet inspection.

I have IOS 12.2(44)SE2, but IPBASE running on my 3560s. Is there an IOS (perhaps the ADVIPSERVICES of that version?) that allows a 3560 to use the 'ip inspect' command?

Everyone's tags (4)
2 REPLIES
Cisco Employee

IP Inspect on a 3560 IOS

Hello,

To my best knowledge, IP Inspect is not supported in any IOS feature set available for Catalyst 3560 and personally, I do not foresee this feature to be supported on this platform. Deep stateful packet inspection on multilayer switches would require specialized ASICs to perform these operations at the sufficient speed. The lowest Catalyst platform appearing to support the IP Inspect (CBAC) is the 4500 with the Access Gateway Module (AGM) installed (which is EOL since 2004) and 6500.

Sorry to disappoint you here.

Best regards,

Peter

Re: IP Inspect on a 3560 IOS

you want a router not a layer 3 switch.

Sent from Cisco Technical Support iPad App

749
Views
0
Helpful
2
Replies