On Jan 5, 4:36 am, JF Mezei <jfmezei.spam...@vaxination.ca> wrote:
> My old 2924-XL-EN switch supports extended access lists. However, all
> the documentation I have seen seems focused on IP filters.
>
> Is there a way to have an access list that would permit/deny specific
> ETHERNET protocols ?
>
> For instance, allow only PPPoE (x8863 and x8864) packets ? Any examples
> of the syntax for this ?
I am fairly certain that a 2924 does not support layer 3 ACLs. Since
it is not routing any of your segments, it has no place to actually
implement them (as opposed to a 3700 or 6500 switch that would have
SVIs for each vlan and then has a point when traffic ingresses or
egresses to each vlan). It may support an ACL for that mgmt
interface, but that is to just restrict IPs from getting to the
interface for security purposes. I'll search for syntax to the bigger
question, but am pretty sure it would require a full L3 capable switch
or a router, of which the 2924 is neither.