Solved: Re: ACL ON CISCO SWITCHES

wahid · ‎10-09-2018

Hi,

since cisco switches are L2 devices, why is it blocking traffic based on L3.

I setup

10 deny 10.0.0.0 0.0.0.255 10.0.0.0 0.0.0.255

and it would block traffic within the same vlan.

I have two pcs sitting on the switch , both configured in same vlan and applied that ACL. I also had deny Ip any any and it would drop pings.

my questions is that switches are L2 devices and send traffic based on mac address, so why it is dropping based on ip ???

thanks,

wahid

wahid · ‎10-10-2018

Thanks so much for your response, and definitely that link helped answer my question.

View solution in original post

Reza Sharifi · ‎10-09-2018

Hi,

Most newer switches are layer-2/3. So, if you have an SVI on the switch and apply an ACL to it, that is a layer-3 interface.

HTH

wahid · ‎10-09-2018

Thanks so much for the answer, greatly appreciate it.

Joseph W. Doherty · ‎10-09-2018

As Reza notes, most modern (Enterprise) L2 switches have some L3 features. Such L2 switches also used to be known as "enhanced", or "plus', L2 switches but, again now a days, it's pretty common. Also, many of Cisco's current (Enterprise) L2 switch often offer some very basic L3 routing support too.

BTW, you might want to look at this older post, which asks a somewhat similar question: https://community.cisco.com/t5/switching/identify-layer-2-switch-or-layer-3-switch/td-p/1859412

wahid · ‎10-10-2018

Thanks so much for your response, and definitely that link helped answer my question.