cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
898
Views
0
Helpful
2
Replies
aweise
Beginner

IP Inspect on a 3560 IOS

Hi all,

I have a need to use a 3560 switch to terminate a provider's internet connection, but want to secure it so that it and the vlans connected to it are not wide open. At the same time, I'd like to use stateful packet inspection.

I have IOS 12.2(44)SE2, but IPBASE running on my 3560s. Is there an IOS (perhaps the ADVIPSERVICES of that version?) that allows a 3560 to use the 'ip inspect' command?

2 REPLIES 2
Peter Paluch
Hall of Fame Cisco Employee

Hello,

To my best knowledge, IP Inspect is not supported in any IOS feature set available for Catalyst 3560 and personally, I do not foresee this feature to be supported on this platform. Deep stateful packet inspection on multilayer switches would require specialized ASICs to perform these operations at the sufficient speed. The lowest Catalyst platform appearing to support the IP Inspect (CBAC) is the 4500 with the Access Gateway Module (AGM) installed (which is EOL since 2004) and 6500.

Sorry to disappoint you here.

Best regards,

Peter

Jeff Van Houten
Contributor

you want a router not a layer 3 switch.

Sent from Cisco Technical Support iPad App