[c-nsp] access list help
Gert Doering
gert at greenie.muc.de
Fri Feb 6 04:19:37 EST 2009
Hi,
On Thu, Feb 05, 2009 at 08:49:58AM -0800, Jay Hennigan wrote:
> You don't. You do it in the router. A layer 2 switch is unaware of IP
> addresses or applications with regard to traffic passing through the
> switch. Because the switch doesn't examine or process IP address,
> protocol, or port information, it can't filter it.
There are a few exceptions which I think are noteworthy here - the Catalyst
2950 and 2960 permit filtering on IP and TCP/UDP information, even if they
are just "plain" layer 2 switches. The ACL capabilities are a bit restricted
("if it can't be mapped to TCAM it won't work") but it's still a very nice
thing to have.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de