Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
339
Views
5
Helpful
4
Replies

Access Lists

nunoscosta
Level 1
Level 1

‎09-08-2006 08:30 AM - edited ‎03-03-2019 04:52 AM

Hi guys,

If i set one access list in a layer two device it will work? Why? The device is not supposed to work with layer 3 right?

What is the difference between IP access-list and just access-list? Its about standard and extended?

Thank you!

Labels:
0 Helpful
4 Replies 4

mmorris11
Level 4
Level 4

‎09-08-2006 09:36 AM

What is the application of the ACL on the L2 device? Also, not all ACLs are L3 ACLs, what does yours look like?

gpulos
Level 8
Level 8

‎09-08-2006 11:17 AM

1) YES,

you can configure ACLs for layer 2 connectivity and it would work because you would have configured it as a 'layer 2' access-list.

2) not sure if 'the device is not supported to work with layer 3' because you have not specified what model the device is. post the model and we can answer that for you.

3) correct,

as you've put it, the diffence between IP access-list and access-list is that an IP access-list will be extended. a standard access-list does not need IP specified.

(it only needs the correct access-list numbering to be identified as used for IP)

an ip access-list is an access-list that filters on IP properties such as IP address and IP port number.

(IP itself covers all TCP and UDP protocols)

please see the following link for more info on access-lists:

http://www.cisco.com/en/US/tech/tk648/tk361/tk821/tsd_technology_support_sub-protocol_home.html

nunoscosta
Level 1
Level 1
In response to gpulos

‎09-08-2006 12:17 PM

The device is a cat4507r and i know that support layer 3 but the question is not about that.

The cat4507r its configured only with vlans and no routing protocols or layer 3 configuration.

The same question is about default-gateway. The switch do not know what is one ip address! How it works? if i type ip access-list MULTICAST

deny 224.255.0.1 0.0.255.255

How can it works on a layer 2 device?

:|

0 Helpful

sundar.palaniappan
Level 10
Level 10
In response to nunoscosta

‎09-08-2006 12:52 PM

VACLs can filter traffic based on layer 3 information at layer 2 level. In other words, you could configure ACLs and use it to filter layer 3 traffic though you mayn't configured have layer 3 interfaces in the switch at all.

Check out this link.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a0080160a7e.html#wp1055968

HTH

Sundar

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents