Re: Apply ACL on SVI from Joe Sanchez on 2013-11-11 (Ccielab archives 12/2013)

From: Joe Sanchez <marco207p_at_gmail.com>
Date: Mon, 11 Nov 2013 17:05:46 -0500

Absolutely you should be able to apply an ACL to a SVI to block traffic between Subnets.

And have been on every Layer 3 switch I've ever touched since 2001.

As long as your 4500 switch has a L3 supervisor your golden.

Regards,
Joe Sanchez

(Please excuse the brevity and spelling of this email as it was sent via a mobile smart-device.)

On Nov 11, 2013, at 12:09 PM, Sadiq Yakasai <sadiqtanko_at_gmail.com> wrote:

> So I think you can apply Router ACLs on 4500 switches. Just an FYI, you
> couldnt do the same on a cat 3650/3750 switches (at least the last time I
> checked/tried).
>
> Please see below for more information on the cat 4500 switches.
>
> http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sga/configuration/guide/secure.html#wp1050430
>
> HTH
>
> Sadiq
>
>
> On Mon, Nov 11, 2013 at 3:43 PM, Vishal Rane <vishal.rane_at_hotmail.co.in>wrote:
>
>> hi
>>
>> cisco 4507
>> version 12.4
>>
>>
>> ------------------------------
>> Date: Mon, 11 Nov 2013 14:34:27 +0000
>> Subject: Re: Apply ACL on SVI
>> From: sadiqtanko_at_gmail.com
>> To: vishal.rane_at_hotmail.co.in
>> CC: ccielab_at_groupstudy.com
>>
>> Hi Vishal,
>>
>> This is not possible on some Cisco switches. It will be useful if you can
>> specify the switch hardware and software version.
>>
>> Sadiq
>>
>>
>> On Mon, Nov 11, 2013 at 2:19 PM, Vishal Rane <vishal.rane_at_hotmail.co.in>wrote:
>>
>> Hello
>> Here is scenario for ACL on SVI
>> plz guide with right inbond / outbond acl to apply on SVI
>>
>>
>> office_A connect to Office_B on different floors on vlan 10
>> need to allow inbond and outbond traffic
>> Config of Office_A and host
>> VLAN
>> int vlan 10
>> ip address 192.168.177.254 255.255.255.252
>> Allow the following host to communicate with host of Office_B
>> host 192.168.110 port 443
>> host 192.168.1.16
>> network 192.168.25.0/24
>> Network of Office_B
>> allow following host to communicate with hos of Office_A
>> 192.168.100.10 port 443
>> 1192.168.100.17
>> 192.168.27.0/24
>>
>>
>> thanks
>> Vishal
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>> CCIEx2 (R&S|Sec) #19963
>
>
>
> --
> CCIEx2 (R&S|Sec) #19963
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Mon Nov 11 2013 - 17:05:46 ART

This archive was generated by hypermail 2.2.0 : Wed Jan 01 2014 - 20:26:19 ART