New Member

Catalyst 3550-24-SMI and EMI

Which switch has the capability to block certain IP addresses from sending traffic to the switch?

2 REPLIES
New Member

Re: Catalyst 3550-24-SMI and EMI

SMI is just switching software. The EMI software also has the routing function built in.

New Member

Re: Catalyst 3550-24-SMI and EMI

You can block by IP address with either an SMI or EMI image on a 3550. The 3550 EMI supports access control lists applied to L2 or L3 interfaces, and the 3550 SMI image supports access control lists applied to L2 ports only.

The following is an excerpt from the configuration documentation located at:

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/1219ea1/3550scg/swacl.htm#xtocid2

----------------------------------------------------------------------------------------------------------

Supported ACLs

The switch supports three applications of ACLs to filter traffic:

Router ACLs access-control routed traffic between VLANs and are applied to Layer 3 interfaces. All Catalyst 3550 switches can create router ACLs, but you must have the enhanced multilayer software image on your switch to apply an ACL to a Layer 3 interface and filter packets routed between VLANs.

Port ACLs access-control traffic entering a Layer 2 interface. The switch does not support port ACLs in the outbound direction. You do not need the enhanced image to apply an ACL to a Layer 2 interface. You can apply only one IP access list and one MAC access list to a Layer 2 interface.

VLAN ACLs or VLAN maps access-control all packets (bridged and routed). You can use VLAN maps to filter traffic between devices in the same VLAN. You do not need the enhanced image to create or apply VLAN maps. VLAN maps are configured to provide access-control based on Layer 3 addresses for IP. Unsupported protocols are access-controlled through MAC addresses by using Ethernet ACEs. After a VLAN map is applied to a VLAN, all packets (routed or bridged) entering the VLAN are checked against the VLAN map. Packets can either enter the VLAN through a switch port or through a routed port after being routed.

You can use both router ACLs and VLAN maps on the same switch. However, you cannot use port ACLs on a switch that contains input router ACLs or VLAN maps.

When a switch has a Layer 2 interface with an applied IP access list or MAC access list, you can create IP access lists and VLAN maps, but you cannot apply an IP access list to an input Layer 3 interface on that switch, and you cannot apply a VLAN map to any of the switch VLANs. An error message is generated if you attempt to do so. You can still apply an IP access list to an output Layer 3 interface on a switch with port ACLs.

When a switch has an input Layer 3 ACL or a VLAN map applied to it, you cannot apply an IP access list or MAC access list to a Layer 2 interface on that switch. An error message is generated if you attempt to do so. You can apply a port ACL if the switch has an ACL applied to an output Layer 3 interface.

----------------------------------------------------------------------------------------------------------

Hope this helps.
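
The coexistence restrictions in the excerpt above can be checked mechanically before a configuration is pushed to a switch. The following is an added example, not part of the original thread or of Cisco's documentation: the sample configuration is constructed, the function names are hypothetical, and it assumes that SVIs and ports with `no switchport` are Layer 3 while all other ports are Layer 2.

```python
import re

# Constructed sample (not from the thread): port ACL on Fa0/1, output router
# ACL on routed port Fa0/2, input router ACL on SVI Vlan10, and a VLAN map
# applied to VLAN 20.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 ip access-group 10 in
interface FastEthernet0/2
 no switchport
 ip access-group 101 out
interface Vlan10
 ip access-group 102 in
vlan filter BLOCKMAP vlan-list 20
"""

def parse_bindings(config):
    """Return (port_acls, l3_input_acls, vlan_maps) from an IOS-style config."""
    blocks, current, vlan_maps = {}, None, []
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
            vlan_maps += re.findall(r"^vlan filter (\S+) vlan-list \S+", line)
    port_acls, l3_input = [], []
    for name, lines in blocks.items():
        # Assumption: SVIs and "no switchport" ports are Layer 3, the rest Layer 2.
        layer3 = name.lower().startswith("vlan") or "no switchport" in lines
        for kind, acl, direction in re.findall(
                r"^(ip|mac) access-group (\S+) (in|out)$", "\n".join(lines), re.M):
            if not layer3:
                port_acls.append((name, kind, acl, direction))
            elif direction == "in":
                l3_input.append((name, acl))
    return port_acls, l3_input, vlan_maps

def check_3550_acl_rules(config):
    """List bindings that violate the restrictions in the quoted excerpt."""
    port_acls, l3_input, vlan_maps = parse_bindings(config)
    problems = [f"{n}: outbound port ACL {a} is not supported"
                for n, _, a, d in port_acls if d == "out"]
    if port_acls:  # port ACLs exclude input router ACLs and applied VLAN maps
        problems += [f"port ACLs conflict with input router ACL on {n}" for n, _ in l3_input]
        problems += [f"port ACLs conflict with applied VLAN map {m}" for m in vlan_maps]
    return problems
```

The output router ACL on FastEthernet0/2 is not reported, because the excerpt allows an output Layer 3 ACL alongside port ACLs.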
