Buy or Renew
Buy or Renew
Cisco + Splunk: Itā€™s a new day for your data. Learn more.
Ā 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1083
Views
0
Helpful
4
Replies

VACL support on 2960 lanbase platform - release 12.2(55)SE

rrsstefano
Level 1
Level 1

ā€Ž05-17-2017 07:18 AM - edited ā€Ž03-08-2019 10:37 AM

Hi all,

I'm trying to investigate if vacl feature is officially supported on layer2-only 2960 lanbase switch like 2960-24-PC-L.

We have many switches actually running 12.2(55)SE1 or 12.2(55)SE5 version 

Following configuration guide I'm able to setup 'vlan access-map' and 'vlan filter' commands and seems to work

with simple acls  but all 'show commands seems to be not available and then troubleshooting is probably not so efficient; searching for similar discussion is not so clear what is the official answer....so I'm not sure if I can continue to test it or if it was better to use the port acl feature that is not the same ( acl only in input direction )

Thanks for any suggestion

Labels:
0 Helpful
4 Replies 4

Mark Malone
VIP Alumni
VIP Alumni

ā€Ž05-17-2017 08:07 AM

Hi

you can check this yourself I just had a quick look but I don't see it as a supported feature under the feature navigator for that 12.2(55)SE1

http://cfn.cloudapps.cisco.com/ITDIT/CFN/jsp/SearchBySoftware.jsp

0 Helpful

rrsstefano
Level 1
Level 1
In response to Mark Malone

ā€Ž05-18-2017 03:40 AM

Hi Mark thanks

I checked as you suggested and effectively it seems that VACL is  not supported...but also pacl is not....and now I am surprised....

Because we are going to implement port acls ( it was our first choice ) on a large networks ( test seems to be OK ) and vacl was a further option to investigate providing in theory the capability to filter traffic in in and out direction....

But out of pro/cons the question is : it is feasible to implement features like these without an official support?

Thanks for all reply

Stefano

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to rrsstefano

ā€Ž05-18-2017 03:56 AM

so just from experience I would avoid that but its up to you really , I ran into a similar issue with a feature called MPP its there in ios-xe and when you configure it , it takes the syntax etc and even certain parts work but when I raised a TAC case as I couldn't figure out why only some parts of it worked , they explained it wasn't an ios-xe feature it was an ios-xr feature but the syntax was there anyway in ios-xe and they would not support it and closed the case, so your on your own if something goes wrong on it basically, I ended up removing it and raising a feature request , 6 months later still waiting on it t be added fully to ios-xe releases :)

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to rrsstefano

ā€Ž05-18-2017 04:02 AM

Don't rely on Feature Navigator because it is often wrong in my experience.

Instead use the configuration guide for your switch and IOS version -

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_55_se/configuration/guide/scg_2960/swacl.html#73958

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card