04-06-2011 03:15 PM - edited 03-11-2019 01:17 PM
Can someone please tell me whether reflexive access-list is supported by Catalyst 3560G running 12.2(44)SE6 Advanced IP Services IOS? I tested my access-list on a router and it works like a charm. But when I applied it to the Catalyst 3560 vlan interface, no cigar. Thanks.
interface vlan 255
 ip address 172.20.255.25 255.255.255.248
 ip access-group TEST_INBOUND in
 ip access-group TEST_OUTBOUND out
 no ip redirects
 no ip proxy-arp
ip access-list extended TEST_INBOUND
 permit tcp any host 10.150.169.23 eq www log
 permit tcp any host 10.170.24.15 eq www log
 permit tcp any host 10.170.24.16 eq www log
 permit tcp any host 10.150.169.22 eq www log
 evaluate MIRROR
ip access-list extended TEST_OUTBOUND
 permit tcp any any reflect MIRROR
 permit udp any any reflect MIRROR
 permit icmp any any reflect MIRROR
04-07-2011 03:00 AM
For 12.2.(25) and above....
More specifically
Configuring IPv4 ACLs on the switch is the same as configuring IPv4 ACLs on other Cisco switches and routers. The process is briefly described here. For more detailed information on configuring ACLs, see the "Configuring IP Services" section in the "IP Addressing and Services" chapter of the Cisco IOS IP Configuration Guide, Release 12.2. For detailed information about the commands, see the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2.
The switch does not support these Cisco IOS router ACL-related features:
• Non-IP protocol ACLs (see Table 31-1) or bridge-group ACLs
• IP accounting
• Inbound and outbound rate limiting (except with QoS ACLs)
• Reflexive ACLs or dynamic ACLs (except for some specialized dynamic ACLs used by the switch clustering feature)
• ACL logging for port ACLs and VLAN maps
HTH
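A config audit for the situation in this thread, added here as an example and not posted by anyone in the thread: it scans an IOS configuration for ACLs containing `reflect` or `evaluate` entries and reports which interfaces bind them, so a reflexive ACL carried over from a router to a switch that does not support the feature is caught before it is relied on. The function name `find_reflexive_bindings` is hypothetical, and the sample input is an abbreviated copy of the configuration from the question.

```python
import re

# Abbreviated copy of the configuration posted in the question (sample input).
SAMPLE_CONFIG = """\
interface vlan 255
 ip address 172.20.255.25 255.255.255.248
 ip access-group TEST_INBOUND in
 ip access-group TEST_OUTBOUND out
ip access-list extended TEST_INBOUND
 permit tcp any host 10.150.169.23 eq www log
 evaluate MIRROR
ip access-list extended TEST_OUTBOUND
 permit tcp any any reflect MIRROR
 permit udp any any reflect MIRROR
 permit icmp any any reflect MIRROR
"""

REFLEXIVE = re.compile(r"\b(?:reflect|evaluate)\s+\S+", re.IGNORECASE)
IFACE = re.compile(r"^interface\s+(.+)$", re.IGNORECASE)
ACL = re.compile(r"^ip access-list extended\s+(\S+)", re.IGNORECASE)
BIND = re.compile(r"^ip access-group\s+(\S+)\s+(in|out)", re.IGNORECASE)

def find_reflexive_bindings(config):
    """Return (interface, direction, acl, reflexive_lines) for every interface
    binding whose extended ACL contains 'reflect' or 'evaluate' entries."""
    reflexive = {}   # ACL name -> reflexive entries found in it
    bindings = []    # (interface, direction, ACL name)
    iface = acl = None
    for raw in config.splitlines():
        line = raw.strip()  # tolerate configs pasted without indentation
        if not line or line.startswith("!") or line.lower().startswith("remark"):
            continue
        if m := IFACE.match(line):
            iface, acl = m.group(1), None
        elif m := ACL.match(line):
            acl, iface = m.group(1), None
        elif iface and (m := BIND.match(line)):
            bindings.append((iface, m.group(2).lower(), m.group(1)))
        elif acl and REFLEXIVE.search(line):
            reflexive.setdefault(acl, []).append(line)
    # ACLs may be defined after the interface that uses them, so join at the end.
    return [(i, d, a, reflexive[a]) for i, d, a in bindings if a in reflexive]

if __name__ == "__main__":
    for iface, direction, acl, entries in find_reflexive_bindings(SAMPLE_CONFIG):
        print(f"{iface} ({direction}): ACL {acl} has {len(entries)} reflexive entries")
```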
04-07-2011 12:48 PM
Andrew,
Thanks for your help.
04-08-2011 01:24 AM
np - glad to help