3550 packet processing

LuvMacheen · ‎09-15-2005

I can't find anywhere on cisco's site how a 3550 process a packet (order of operation).

Specifically here is my issue.

I have vlan 1 + 2 on my 3550. I have an access-list applied to vlan 2. When a device in vlan2 attempts to talk to ANOTHER device in vlan 2... the access-list is is denying some of the traffic...

Should that be happening? Where does the access-list processing come into play? I would have guessed that since I am in the same vlan the packet is switched without processing the access-list...

kennylls · ‎09-15-2005

It would be helpful if you could paste your config here.

mlanglois · ‎09-16-2005

Yes this is normal behavior...

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225sec/3550scg/swacl.htm

Specifically

Switches traditionally operate at Layer 2 only, switching traffic within a VLAN, whereas routers route traffic between VLANs. The Catalyst 3550 switch can accelerate packet routing between VLANs by using Layer 3 switching. The switch bridges the packet, the packet is then routed internally without going to an external router, and then the packet is bridged again to send it to its destination. During this process, the switch can access-control all packets it switches, including packets bridged within a VLAN.

And

VLAN ACLs or VLAN maps access-control all packets (bridged and routed). You can use VLAN maps to filter traffic between devices in the same VLAN. VLAN maps are configured to provide access-control based on Layer 3 addresses for IP. Unsupported protocols are access-controlled through MAC addresses by using Ethernet ACEs. After a VLAN map is applied to a VLAN, all packets (routed or bridged) entering the VLAN are checked against the VLAN map. Packets can either enter the VLAN through a switch port or through a routed port after being routed.