03-05-2012 12:04 PM - edited 03-07-2019 05:21 AM
Hi all,
I have a need to use a 3560 switch to terminate a provider's internet connection, but want to secure it so that it and the vlans connected to it are not wide open. At the same time, I'd like to use stateful packet inspection.
I have IOS 12.2(44)SE2, but IPBASE running on my 3560s. Is there an IOS (perhaps the ADVIPSERVICES of that version?) that allows a 3560 to use the 'ip inspect' command?
03-05-2012 01:58 PM
Hello,
To my best knowledge, IP Inspect is not supported in any IOS feature set available for Catalyst 3560 and personally, I do not foresee this feature to be supported on this platform. Deep stateful packet inspection on multilayer switches would require specialized ASICs to perform these operations at the sufficient speed. The lowest Catalyst platform appearing to support the IP Inspect (CBAC) is the 4500 with the Access Gateway Module (AGM) installed (which is EOL since 2004) and 6500.
Sorry to disappoint you here.
Best regards,
Peter
03-05-2012 06:32 PM
you want a router not a layer 3 switch.
Sent from Cisco Technical Support iPad App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide