Velocity Reviews - Computer Hardware Reviews

cisco c3550 passes udp despite ACL

 
 
sdutky
      10-09-2006
Hi,
I have configured a c3550 switch thusly:

interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan n1, n2, n3, etc
switchport mode dynamic desirable
ip access-group 101 in
speed 100
duplex full
end
!<snip>
access-list 101 deny udp any any
access-list 101 permit ip any any

Sniffing FastEthernet0/1 shows UDP continues to roll in.
deny tcp any any and deny ip any any function as expected, w/o problem.

This shows up on IOS c3550-ipservices-mz.122-25.SEE2.bin and c3550-i5q3l2-mz.121-22.EA1a.bin.

Has anyone seen this before? Am I doing something dumb?

Thanks.
 
sdutky
      10-10-2006
Doh! Configuring SPAN:

<snip>
Some features that can cause a packet to be dropped during receive processing have no effect on SPAN; the destination port receives a copy of the packet even if the actual incoming packet is dropped. These features include IP standard and extended input access control lists (ACLs), IP standard and extended output ACLs for unicast, VLAN maps, ingress QoS policing, and policy-based routing. Switch congestion that causes packets to be dropped also has no effect on SPAN.
<snip>


Catalyst 3550 Multilayer Switch Software Configuration Guide, 12.1(6)EA1
http://cco.cisco.com/en/US/products/...08007d713.html
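
The capture-point issue from the quoted SPAN passage, as an added configuration sketch that is not part of the original thread or of Cisco's guide. Only FastEthernet0/1 and access-list 101 come from the post; the SPAN session number, the analyzer port FastEthernet0/24 and the egress port FastEthernet0/2 are assumptions.

```cisco
! Constructed example; session number and Fa0/2, Fa0/24 are assumptions.
!
! Misleading capture point: receive-side SPAN on the port that carries
! the input ACL. The destination port gets a copy of each incoming
! packet even when access-list 101 drops the original, so the analyzer
! keeps showing UDP.
monitor session 1 source interface FastEthernet0/1 rx
monitor session 1 destination interface FastEthernet0/24
!
! Capture point that reflects the ACL: mirror what the switch transmits
! toward the protected segment (assumed here to be Fa0/2). Packets
! denied on ingress at Fa0/1 are never forwarded, so they cannot appear
! in a transmit-side copy of the egress port.
no monitor session 1
monitor session 1 source interface FastEthernet0/2 tx
monitor session 1 destination interface FastEthernet0/24
!
! From privileged EXEC: confirm which port and direction the analyzer
! is actually watching before drawing conclusions about the ACL.
show monitor session 1
```

A capture taken on a host behind the switch serves the same purpose when a second SPAN-capable port is not available.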
 