
Access Lists

Hi guys,

If I set an access list on a layer 2 device, will it work? Why? The device is not supposed to work with layer 3, right?

What is the difference between IP access-list and just access-list? Is it about standard and extended?

Thank you!


Re: Access Lists

What is the application of the ACL on the L2 device? Also, not all ACLs are L3 ACLs, what does yours look like?


Re: Access Lists

1) Yes, you can configure ACLs for layer 2 connectivity and it would work because you would have configured it as a 'layer 2' access-list.

2) Not sure if 'the device is not supported to work with layer 3' because you have not specified what model the device is. Post the model and we can answer that for you.

3) Correct, as you've put it, the difference between IP access-list and access-list is that an IP access-list will be extended. A standard access-list does not need IP specified.

(It only needs the correct access-list numbering to be identified as used for IP.)

An IP access-list is an access-list that filters on IP properties such as IP address and IP port number.

(IP itself covers all TCP and UDP protocols.)

Please see the following link for more info on access-lists:


Re: Access Lists

The device is a cat4507r and I know that it supports layer 3, but the question is not about that.

The cat4507r is configured only with VLANs and no routing protocols or layer 3 configuration.

The same question is about default-gateway. The switch does not know what an IP address is! How does it work? If I type ip access-list MULTICAST


How can it work on a layer 2 device?


Re: Access Lists

VACLs can filter traffic based on layer 3 information at layer 2 level. In other words, you could configure ACLs and use them to filter layer 3 traffic even though you may not have configured layer 3 interfaces in the switch at all.

Check out this link.
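
An added illustration of the VACL answer above (not part of the original thread and not any poster's configuration): a named IP ACL bound to a VLAN through a VLAN access map, so bridged frames inside the VLAN are filtered on their IP header without any routed interface. The ACL name MULTICAST comes from the question; VLAN 10, the map name BLOCK-MCAST and the 239.0.0.0/8 range are assumptions.

```cisco
! Constructed example. VLAN 10, map name BLOCK-MCAST and the address
! range are assumptions; only the ACL name MULTICAST is from the thread.
!
! In a VACL the ACL only selects traffic: "permit" means "match".
! Whether matched traffic is dropped or forwarded is set in the access map.
ip access-list extended MULTICAST
 permit ip any 239.0.0.0 0.255.255.255
!
! Sequence 10: drop IP packets that match the ACL.
vlan access-map BLOCK-MCAST 10
 match ip address MULTICAST
 action drop
!
! Sequence 20: no match clause, so it matches everything else.
! Without it, IP traffic not matched above is dropped implicitly.
vlan access-map BLOCK-MCAST 20
 action forward
!
! Apply the map to the VLAN. A VACL has no direction and applies to
! every packet in the VLAN, bridged or routed.
vlan filter BLOCK-MCAST vlan-list 10
!
! Verification (exec mode):
! show vlan access-map BLOCK-MCAST
! show vlan filter
```

The switch does not route these packets; it inspects the IP header of each frame as it is switched, which is why the filter works on a VLAN-only configuration.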


