ā05-17-2017 07:18 AM - edited ā03-08-2019 10:37 AM
Hi all,
I'm trying to investigate if vacl feature is officially supported on layer2-only 2960 lanbase switch like 2960-24-PC-L.
We have many switches actually running 12.2(55)SE1 or 12.2(55)SE5 version
Following configuration guide I'm able to setup 'vlan access-map' and 'vlan filter' commands and seems to work
with simple acls but all 'show commands seems to be not available and then troubleshooting is probably not so efficient; searching for similar discussion is not so clear what is the official answer....so I'm not sure if I can continue to test it or if it was better to use the port acl feature that is not the same ( acl only in input direction )
Thanks for any suggestion
ā05-17-2017 08:07 AM
Hi
you can check this yourself I just had a quick look but I don't see it as a supported feature under the feature navigator for that 12.2(55)SE1
http://cfn.cloudapps.cisco.com/ITDIT/CFN/jsp/SearchBySoftware.jsp
ā05-18-2017 03:40 AM
Hi Mark thanks
I checked as you suggested and effectively it seems that VACL is not supported...but also pacl is not....and now I am surprised....
Because we are going to implement port acls ( it was our first choice ) on a large networks ( test seems to be OK ) and vacl was a further option to investigate providing in theory the capability to filter traffic in in and out direction....
But out of pro/cons the question is : it is feasible to implement features like these without an official support?
Thanks for all reply
Stefano
ā05-18-2017 03:56 AM
so just from experience I would avoid that but its up to you really , I ran into a similar issue with a feature called MPP its there in ios-xe and when you configure it , it takes the syntax etc and even certain parts work but when I raised a TAC case as I couldn't figure out why only some parts of it worked , they explained it wasn't an ios-xe feature it was an ios-xr feature but the syntax was there anyway in ios-xe and they would not support it and closed the case, so your on your own if something goes wrong on it basically, I ended up removing it and raising a feature request , 6 months later still waiting on it t be added fully to ios-xe releases :)
ā05-18-2017 04:02 AM
Don't rely on Feature Navigator because it is often wrong in my experience.
Instead use the configuration guide for your switch and IOS version -
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide