Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11852
Views
0
Helpful
3
Replies

Are the ACLs in Cat3560 statefull or stateless?

Go to solution
alexandrfedchenko
Level 1
Level 1

‎08-01-2010 11:17 PM - edited ‎03-06-2019 12:16 PM

Hello

Are the ACLs in Catalyst 3560 works like stateful or stateless firewall in latest software version?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎08-02-2010 08:12 AM 

alexandrfedchenko wrote:
Hello
Are the ACLs in Catalyst 3560 works like stateful or stateless firewall in latest software version?

Alexandr

Standard and extended acls on all devices are stateless ie. they check each packet in isolation. You can use the keyword "established" in an extended acl for TCP connections to check the syn/ack in the packets and you can use reflexive access-lists which are a little more stateful although i'm not sure the 3560 supports reflexive acls.

Jon

View solution in original post

0 Helpful
3 Replies 3

Go to solution
CSCO11584685
Level 1
Level 1

‎08-02-2010 05:30 AM

AFAIK if you use reflexive ACL then it is statefull, if you use the normal ACL then it would be stateless.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎08-02-2010 08:12 AM 

alexandrfedchenko wrote:
Hello
Are the ACLs in Catalyst 3560 works like stateful or stateless firewall in latest software version?

Alexandr

Standard and extended acls on all devices are stateless ie. they check each packet in isolation. You can use the keyword "established" in an extended acl for TCP connections to check the syn/ack in the packets and you can use reflexive access-lists which are a little more stateful although i'm not sure the 3560 supports reflexive acls.

Jon

0 Helpful

Go to solution
alexandrfedchenko
Level 1
Level 1
In response to Jon Marshall

‎08-02-2010 11:16 PM 

 i'm not sure the 3560 supports reflexive acls

No, it isn't.

The switch does not support these Cisco IOS router ACL-related features:

Non-IP protocol ACLs (see Table 34-1) or bridge-group ACLs

IP accounting

Inbound and outbound rate limiting (except with QoS ACLs)

Reflexive ACLs or dynamic ACLs (except for some specialized dynamic ACLs used by the switch clustering feature)

ACL logging for port ACLs and VLAN maps

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swacl.html

Many thanks to all.

0 Helpful
Customers Also Viewed These Support Documents