Solved: Re: Ip access list for L2 interface

fgasimzade · ‎02-12-2009

Simple question:

Is it possible to apply an ip access list to a Layer2 switchport configured as a trunk?

Tshi M · ‎02-12-2009

I haven't done this but here is what i found:

"When applied to a trunk port, the ACL filters traffic on all VLANs present on the trunk port. When applied to a port with voice VLAN, the ACL filters traffic on both data and voice VLANs."

http://www.ciscopress.com/articles/article.asp?p=1181682&seqNum=4

View solution in original post

fgasimzade · ‎02-12-2009

Guys, its urgent, please..))

JamesLuther · ‎02-12-2009

Hello,

You can use VACLs. The basic syntax is "vlan access-map" or check

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/vacl.html

Tshi M · ‎02-12-2009

I haven't done this but here is what i found:

"When applied to a trunk port, the ACL filters traffic on all VLANs present on the trunk port. When applied to a port with voice VLAN, the ACL filters traffic on both data and voice VLANs."

http://www.ciscopress.com/articles/article.asp?p=1181682&seqNum=4

fgasimzade · ‎02-12-2009

Thank you!

Another question: is it possible to apply a policy-map configured with ACL to a trunk port?

fgasimzade · ‎02-12-2009

This is what I found:

Unlike regular Cisco IOS standard or extended ACLs that are configured on router interfaces only and are applied on routed packets only, VACLs apply to all packets and can be applied to any VLAN or WAN interface.

It seems it doesnt to right with

"When applied to a trunk port, the ACL filters traffic on all VLANs present on the trunk port. When applied to a port with voice VLAN, the ACL filters traffic on both data and voice VLANs."