cisco c3550 passes udp despite ACL

sdutky
I have configured a c3550 switch thusly:

interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan n1, n2, n3, etc
 switchport mode dynamic desirable
 ip access-group 101 in
 speed 100
 duplex full
!
access-list 101 deny udp any any
access-list 101 permit ip any any

Sniffing FastEthernet0/1 shows UDP continues to roll in.
deny tcp any any and deny ip any any function as expected, without problem.

This shows up on IOS c3550-ipservices-mz.122-25.SEE2.bin and c3550-i5q3l2-mz.121-22.EA1a.bin.

Has anyone seen this before? Am I doing something dumb?

sdutky
Doh! Configuring SPAN:

Some features that can cause a packet to be dropped during receive processing have no effect on SPAN; the destination port receives a copy of the packet even if the actual incoming packet is dropped. These features include IP standard and extended input access control lists (ACLs), IP standard and extended output ACLs for unicast, VLAN maps, ingress QoS policing, and policy-based routing. Switch congestion that causes packets to be dropped also has no effect on SPAN.

Catalyst 3550 Multilayer Switch Software Configuration Guide, 12.1(6)EA1
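
Added example (not part of the original thread, and not Cisco's code): since a SPAN destination still receives packets that an input ACL drops, one way to check what the ACL actually filters is to compare the SPAN capture with a capture taken on a host behind the switch. The sketch below does that for tcpdump-style text; the capture lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed tcpdump -n style lines (sample data, not real captures).
SPAN_CAPTURE = """\
12:00:01.000100 IP 10.0.0.5.40000 > 10.0.1.9.9999: UDP, length 40
12:00:01.000200 IP 10.0.0.5.44321 > 10.0.1.9.80: Flags [S], seq 1, win 65535, length 0
12:00:01.000300 IP 10.0.0.5 > 10.0.1.9: ICMP echo request, id 1, seq 1, length 64
12:00:01.000400 IP 10.0.0.6.40001 > 10.0.1.9.9999: UDP, length 12
"""
DOWNSTREAM_CAPTURE = """\
12:00:01.000210 IP 10.0.0.5.44321 > 10.0.1.9.80: Flags [S], seq 1, win 65535, length 0
12:00:01.000310 IP 10.0.0.5 > 10.0.1.9: ICMP echo request, id 1, seq 1, length 64
"""

# "<timestamp> IP <src> > <dst>: <decoded payload summary>"
LINE = re.compile(r"^\S+ IP \S+ > \S+: (?P<rest>.*)$")

def protocol_of(line):
    """Classify one tcpdump text line; None if it is not an IPv4 packet line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    if rest.startswith("UDP"):
        return "udp"
    if rest.startswith("Flags ["):
        return "tcp"
    if rest.startswith("ICMP"):
        return "icmp"
    return "other"

def count_protocols(capture_text):
    """Per-protocol packet counts for one capture."""
    return Counter(p for p in map(protocol_of, capture_text.splitlines()) if p)

def filtered_in_switch(span_text, downstream_text):
    """Protocols present in the SPAN copy that never reach the downstream capture."""
    span, down = count_protocols(span_text), count_protocols(downstream_text)
    return {p: n for p, n in span.items() if down[p] == 0}

if __name__ == "__main__":
    print("SPAN copy: ", dict(count_protocols(SPAN_CAPTURE)))
    print("Downstream:", dict(count_protocols(DOWNSTREAM_CAPTURE)))
    print("Seen on SPAN only:", filtered_in_switch(SPAN_CAPTURE, DOWNSTREAM_CAPTURE))
```

A protocol that appears only in the SPAN copy was dropped somewhere in the switch's receive processing; per the guide text quoted above, that can be an ACL but also a VLAN map, ingress policing or congestion.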