VACLs apparently supported on 2960...

Peter Paluch · ‎07-26-2011

Dear friends,

Just by experimenting I have stumbled across the possibility of configuring and successfully applying VLAN ACLs (VACLs) on 2960 series Catalysts in IOS 12.2(58)SE1 LANBASE. However, there is absolutely no mention about this feature in any of the Configuration Guides nor Command References, and I was not able to see anything related to it in Release notes, either.

So is this VACL support actually intended to be present on 2960, or is that just an experimental and undocumented feature? An interesting fact is also that there are no show vlan access-map nor show vlan filter commands available, but the VACLs appear to be working.

If anyone has more information about it please let us know!

Best regards,

Peter

Latchum Naidu · ‎07-26-2011

Hi

The 2960 will not support VACL
Find the below link may give you idea.

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_25_see/command/reference/debug.html

Please rate the helpfull posts.
Regards,
Naidu.

Peter Paluch · ‎07-26-2011

Hi Naidu,

Thanks for responding. Please do not misunderstand me - I am not asking about the debug platform acl vacl command. I have successfully created and applied a VACL configuration on the 2960 switch running 12.2(58)SE1 LANBASE, i.e. created a VLAN map and applied it using a VLAN filter command. The traffic was blocked or permitted exactly according to the ACLs referenced by the VLAN map.

I know myself that VACLs were not been supported on 2960 as they were primarily the domain of 3550/3560 and higher platforms. But apparently, at least in 12.2(58)SE1 for 2960, they are, so my question is if this is intended or just an experimental support.

Any Cisco engineer specializing in access switch solutions reading this?

Best regards,

Peter