Access list applied to switch interface?
12-05-2013 03:01 PM - edited 03-07-2019 04:57 PM
Hello, I have a 3550 switch configured with VLANs.
I tried to apply a standard access list to one of the switch Ethernet interfaces; however, it would not let me.
Is it normal behaviour that if your switch has VLANs configured, then you cannot apply ACLs to switch Ethernet interfaces (they can only be applied to the VLAN interface of the switch)?
Thanks for any help.
12-05-2013 05:44 PM
Hi,
See the link below, where you will find the supported ACLs:
The switch supports three applications of ACLs to filter traffic:
• Router ACLs access-control routed traffic between VLANs and are applied to Layer 3 interfaces. You can apply one router ACL in each direction on an interface.
• Port ACLs access-control traffic entering a Layer 2 interface. The switch does not support port ACLs in the outbound direction. You can apply only one IP access list and one MAC access list to a Layer 2 interface.
• VLAN ACLs or VLAN maps access-control all packets (bridged and routed). You can use VLAN maps to filter traffic between devices in the same VLAN. VLAN maps are configured to provide access-control based on Layer 3 addresses for IP. Unsupported protocols are access-controlled through MAC addresses by using Ethernet ACEs. After a VLAN map is applied to a VLAN, all packets (routed or bridged) entering the VLAN are checked against the VLAN map. Packets can either enter the VLAN through a switch port or through a routed port after being routed.
Hope this helps.
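The three ACL applications listed in the answer above, sketched as IOS configuration. This is an added illustration, not part of either post or of the quoted documentation. The ACL and map names, VLAN 10, the interface numbers and the 192.0.2.0/24 and 198.51.100.0/24 ranges are constructed, and each fragment is shown on its own rather than as one combined configuration.

```cisco
! --- Fragment 1: port ACL (Layer 2 interface, inbound only) ---
! Constructed standard ACL: permit only sources in 192.0.2.0/24.
ip access-list standard PORT-IN
 permit 192.0.2.0 0.0.0.255
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 ! Port ACLs are applied with "in"; the outbound direction is not supported.
 ip access-group PORT-IN in
!
! --- Fragment 2: router ACL (Layer 3 interface, here the VLAN 10 SVI) ---
! Filters traffic routed between VLANs; one ACL per direction.
ip access-list extended ROUTED-IN
 permit ip 192.0.2.0 0.0.0.255 198.51.100.0 0.0.0.255
 deny   ip any any
!
interface Vlan10
 ip access-group ROUTED-IN in
!
! --- Fragment 3: VLAN map (all packets in the VLAN, bridged or routed) ---
! In a VLAN map the ACL only selects traffic; the map's "action" decides
! whether the selected packets are dropped or forwarded.
ip access-list extended INTRA-VLAN-MATCH
 permit ip host 192.0.2.10 host 192.0.2.20
!
vlan access-map VLAN10-MAP 10
 match ip address INTRA-VLAN-MATCH
 action drop
! Entry with no match clause: forward everything not dropped above.
vlan access-map VLAN10-MAP 20
 action forward
!
vlan filter VLAN10-MAP vlan-list 10
```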
