Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1350
Views
0
Helpful
3
Replies

Reflexsive access-list on Catalyst 3560G L3

Go to solution
situwayne
Level 1
Level 1

‎04-06-2011 03:15 PM - edited ‎03-11-2019 01:17 PM

Can someone please tell me whether reflexsive access-list is supported by Catalyst 3560G running 12.2(44)SE6 Advanced IP Services IOS?  I tested my access-list on a router and it works like a charm.  But when I applied it to the Catalyst 3560 vlan interface, no cigar.  Thanks.

interface vlan 255

ip address 172.20.255.25 255.255.255.248
ip access-group TEST_INBOUND in
ip access-group TEST_OUTBOUND out
no ip redirects
no ip proxy-arp

ip access-list extended TEST_INBOUND
permit tcp any host 10.150.169.23 eq www log
permit tcp any host 10.170.24.15 eq www log
permit tcp any host 10.170.24.16 eq www log
permit tcp any host 10.150.169.22 eq www log
evaluate MIRROR


ip access-list extended TEST_OUTBOUND
permit tcp any any reflect MIRROR
permit udp any any reflect MIRROR
permit icmp any any reflect MIRROR

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
andrew.prince
Level 10
Level 10

‎04-07-2011 03:00 AM

For 12.2.(25) and above....

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_see/configuration/guide/swacl.html

More specifically

Configuring IP v4ACLs on the switch is the same as configuring IPv4 ACLs  on other Cisco switches and routers. The process is briefly described  here. For more detailed information on configuring ACLs, see the  "Configuring IP Services" section in the "IP Addressing and Services"  chapter of the Cisco IOS IP Configuration Guide, Release 12.2. For detailed information about the commands, see the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2.

The switch does not support these Cisco IOS router ACL-related features:

Non-IP protocol ACLs (see Table 31-1) or bridge-group ACLs

IP accounting

Inbound and outbound rate limiting (except with QoS ACLs)

Reflexive ACLs or dynamic ACLs (except for some specialized dynamic ACLs used by the switch clustering feature)

ACL logging for port ACLs and VLAN maps

HTH>

View solution in original post

0 Helpful
3 Replies 3

Go to solution
andrew.prince
Level 10
Level 10

‎04-07-2011 03:00 AM

For 12.2.(25) and above....

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_see/configuration/guide/swacl.html

More specifically

Configuring IP v4ACLs on the switch is the same as configuring IPv4 ACLs  on other Cisco switches and routers. The process is briefly described  here. For more detailed information on configuring ACLs, see the  "Configuring IP Services" section in the "IP Addressing and Services"  chapter of the Cisco IOS IP Configuration Guide, Release 12.2. For detailed information about the commands, see the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2.

The switch does not support these Cisco IOS router ACL-related features:

Non-IP protocol ACLs (see Table 31-1) or bridge-group ACLs

IP accounting

Inbound and outbound rate limiting (except with QoS ACLs)

Reflexive ACLs or dynamic ACLs (except for some specialized dynamic ACLs used by the switch clustering feature)

ACL logging for port ACLs and VLAN maps

HTH>

0 Helpful

Go to solution
situwayne
Level 1
Level 1
In response to andrew.prince

‎04-07-2011 12:48 PM

Andrew,

Thanks for your help.

0 Helpful

Go to solution
andrew.prince
Level 10
Level 10
In response to situwayne

‎04-08-2011 01:24 AM

np - glad to help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card