Re: Switch 2924XL & access-list

From: Adam Rothschild (asr@latency.net)
Date: Mon Aug 28 2000 - 11:32:51 EDT


On Mon, Aug 28, 2000 at 09:58:24AM +0200, Xavier wrote:
> I would like to protect a network connected to a router via a 2924XL switch.
> Problem: I would like to apply the access-list on the switch and not on
> the router (to avoid a high load).
>
> I defined an access-list and applied it to the default VLAN (1). It does not
> work! Is there a problem? Can I apply an ACL in a VLAN?

Sounds like you've bought the wrong box for the task. This is definitely
doable on a Cat6k (hell, I've done it before, so feel free to contact me
off-list for configs), but I'm almost entirely sure the 2924XL and other
lesser switches offer no such functionality.

Closest thing you can do is trunk between this switch and a real
router/firewall box, and impose your ACLs on there. Of course, this
wouldn't help you filter traffic WITHIN a VLAN, which you might be asking
for, judging from the content of your original post.

Cheers,
-adam


