05-17-2011 07:16 AM - edited 03-04-2019 12:25 PM
Hi,
I'm trying to configure an ACL on a 2950, but I can't seem to make it work properly.
Here's my ACL:
access-list 100 permit ip host 10.136.10.1 host 10.12.5.176
access-list 100 deny ip any host 10.12.5.176
access-list 100 permit ip any any
I assigned the ACL on interface vlan 36:
interface Vlan36
ip address 10.136.2.1 255.255.0.0
ip access-group 100 in
no ip route-cache
I'm using the following switch WS-C2950-12 with c2950-i6k2l2q4-mz.121-22.EA12.bin.
I did some reading. So far, I found I need an Enhanced image version to make this work. However, according to my switch,
I have a standard image.
Can someone confirm this?
Thanks!
05-17-2011 08:15 AM
Tony
The 2950 is a L2 switch only. This means you can apply your acl on a physical interface. But it makes no sense to apply it on the L3 vlan interface because that is not used to pass traffic for clients; it is only used for managing the actual switch.
So for this acl to work you need to apply it to the L3 vlan interface for vlan 36 that is on a L3 switch and actually routes the traffic for vlan 36.
If you don't have a L3 switch doing inter-vlan routing and vlan 36 is your only vlan you still can't do what you are trying to do. The vlan 36 interface on your 2950 is only used to connect to the switch itself to configure it.
Jon
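Added example, not part of the thread: a simplified Python model of the point in the reply above, comparing ACL 100 bound inbound on the 2950's management SVI with the same ACL on the VLAN 36 interface of a device that routes the VLAN. The function names and the client address 10.136.10.50 are constructed for illustration.

```python
import ipaddress

# ACL 100 as posted in the thread: (action, source, destination)
ACL_100 = [
    ("permit", "10.136.10.1/32", "10.12.5.176/32"),
    ("deny",   "0.0.0.0/0",      "10.12.5.176/32"),
    ("permit", "0.0.0.0/0",      "0.0.0.0/0"),
]
SVI_IP = "10.136.2.1"  # interface Vlan36 address from the thread


def acl_verdict(acl, src, dst):
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "deny"


def l2_switch_svi(src, dst):
    """ACL inbound on the management SVI of a Layer 2 switch (simplified model).

    Only packets addressed to the switch itself reach the SVI. Client
    frames are bridged between ports and the ACL is never consulted.
    """
    if dst != SVI_IP:
        return "bridged, ACL not consulted"
    return acl_verdict(ACL_100, src, dst)


def routing_svi(src, dst):
    """Same ACL inbound on the VLAN 36 SVI of the device that routes VLAN 36.

    Every packet entering from the VLAN is evaluated against the ACL.
    """
    return acl_verdict(ACL_100, src, dst)


if __name__ == "__main__":
    # Constructed sample flows: (source, destination)
    flows = [
        ("10.136.10.1", "10.12.5.176"),   # the one host the ACL should allow
        ("10.136.10.50", "10.12.5.176"),  # another client the ACL should block
        ("10.136.10.50", SVI_IP),         # management traffic to the switch
    ]
    for src, dst in flows:
        print(f"{src} -> {dst}: L2 SVI = {l2_switch_svi(src, dst)}; "
              f"routing SVI = {routing_svi(src, dst)}")
```

The second flow is the one that matters: on the Layer 2 switch it passes untouched, while on the routing interface it hits the deny entry.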
05-17-2011 10:01 AM
Hi Jon,
Thanks for your quick answer.
About what I read concerning the 2950 with Enhanced image: can you apply any kind of ACL on the real interface?
Tony