Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
494
Views
5
Helpful
2
Replies

How does L2 Access Switch process DACLs pushed by ISE?

Go to solution
m1xed0s
Spotlight
Spotlight

‎04-29-2022 10:34 AM

I have not touched ISE or 802.1x auth for a while now but simply can not figure out how does access layer switch handles the DACLs OR even just a manually defined ACL for the port...

 

Say I have a C9500 as the core and C9200 as the access layer and use the ACL below as any example for this discussion. Once I associated the ACL with an access port (say Gi1/0/1) manually OR ACL got pushed down by ISE after user's authentication and authorization process on the port, how will the C9200 process the rules against user traffic? It is a l2 switch and has no concept of L3, right? Or it is still capable to check the IP headers with the TCP/UDP information of the traffic entering on the port even it is just a l2 switch?

 

permit tcp any host 192.168.100.200 eq 53

permit udp any host 192.168.100.200 eq 53

permit udp any host 192.168.100.200 eq ntp

deny ip any 192.168.0.0 0.0.255.255

permit ip any any

 

Thanks!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Flavio Miranda
VIP
VIP

‎04-29-2022 10:51 AM

Hi

 This is indeed a great question!  

This is possible thanks to something called TCAM. Which is a special type of memory present on switches. Although some switches does not hold Layer 3 capability, they are able to process up layers thanks to the TCAM. 

Here in the blog there´s a interesting reading about this:

 

https://learningnetwork.cisco.com/s/article/tcam-demystified 

Enjoy!

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Flavio Miranda
VIP
VIP

‎04-29-2022 10:51 AM

Hi

 This is indeed a great question!  

This is possible thanks to something called TCAM. Which is a special type of memory present on switches. Although some switches does not hold Layer 3 capability, they are able to process up layers thanks to the TCAM. 

Here in the blog there´s a interesting reading about this:

 

https://learningnetwork.cisco.com/s/article/tcam-demystified 

Enjoy!

 

0 Helpful

Go to solution
m1xed0s
Spotlight
Spotlight
In response to Flavio Miranda

‎04-29-2022 11:32 AM

Thanks for the information!

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card