Problem with ACL on 2950

tonyp8581 · ‎05-17-2011

Hi,

I'm trying to configure an ACL on a 2950, but I can't seem to make it work properly.

here's my ACL,

access-list 100 permit ip host 10.136.10.1 host 10.12.5.176
access-list 100 deny ip any host 10.12.5.176
access-list 100 permit ip any any

I assigned the ACL on interface vlan 36

interface Vlan36
ip address 10.136.2.1 255.255.0.0
ip access-group 100 in
no ip route-cache

I'm using the following switch WS-C2950-12 with c2950-i6k2l2q4-mz.121-22.EA12.bin.

I did some reading. So far, I found I need an Enhanced image version to make this work. However, according to my switch,

I have an standard image.

Can someone confirm this ??

Thanks !!

Jon Marshall · ‎05-17-2011

Tony

The 2950 is a L2 switch only. This means you can apply your acl on a physical interface. But it makes no sense to apply it on the L3 vlan interface because that is not used to pass traffic for clients, it is only used for managing the actual switch.

So for this acl to work you need to apply it to the L3 vlan interface for vlan 36 that is on a L3 switch and actually routes the traffic for vlan 36.

If you don't have a L3 switch doing inter-vlan routing and vlan 36 is your only vlan you still can't do what you are trying to do. The vlan 36 interface on your 2950 is only used to connect to the switch itself to configure it.

Jon

tonyp8581 · ‎05-17-2011

Hi Jon,

Thanks for you quick answer.

About what I read concerning the 2950 with Enhanced image. Can you apply any kind of ACL on the real interface ?

Tony