ACL on 2948-L3

Discussion in 'Cisco' started by gani, Apr 1, 2004.

  1. gani

    gani Guest

    Is it really possible to apply ACL on 2948-L3?
    I'm a bit confused here because from what I read on the discussions
    here:

    http://groups.google.com/groups?hl=...l3&ie=UTF-8&oe=UTF-8&hl=en&btnG=Google+Search

    one said ACL only supported on gigabit interfaces and the other one
    said in practice it's working on other interfaces.

    I need the ACL to limit access from one VLAN to the others.
    Workstations from different VLANs connected to this switch (as
    a gateway). This L3 also connected to the other L2 switches
    using fastethernet, not gigabit.

    If it's not possible, is there a way to apply such restrictions
    using the L3?

    Thanks in advance

    Gani
    gani, Apr 1, 2004
    #1

  2. In article <>,
    gani <> wrote:
    :Is it really possible to apply ACL on 2948-L3?

    Yes.

    :I'm a bit confused here because from what I read on the discussions
    :here:

    :http://groups.google.com/groups?hl=...l3&ie=UTF-8&oe=UTF-8&hl=en&btnG=Google+Search

    :one said ACL only supported on gigabit interfaces and the other one
    :said in practice it's working on other interfaces.

    I don't know if "in practice" it works any other way. Not impossible;
    ours moved on before (20) arrived.


    :I need the ACL to limit access from one VLAN to the others.
    :Workstations from different VLANs connected to this switch (as
    :a gateway). This L3 also connected to the other L2 switches
    :using fastethernet, not gigabit.

    :If it's not possible, is there a way to apply such restrictions
    :using the L3?

    Officially, all ACL processing on the C2948G-L3 is done by the CPU
    on behalf of the gigabit interfaces. There is a configuration option
    to force data between ports to be processed by the gigabit ACLs, so that
    you can -effectively- do per-port ACL processing... but in CPU time,
    not in ASIC time.
    --
    IEA408I: GETMAIN cannot provide buffer for WATLIB.
    Walter Roberson, Apr 1, 2004
    #2

  3. gani

    Steinar Haug Guest

    [Walter Roberson]

    | :one said ACL only supported on gigabit interfaces and the other one
    | :said in practice it's working on other interfaces.
    |
    | I don't know if "in practice" it works any other way. Not impossible;
    | ours moved on before (20) arrived.

    It works on GigE interfaces, not on the others.

    | :If it's not possible, is there a way to apply such restrictions
    | :using the L3?
    |
    | Officially, all ACL processing on the C2948G-L3 is done by the CPU
    | on behalf of the gigabit interfaces. There is a configuration option
    | to force data between ports to be processed by the gigabit ACLs, so that
    | you can -effectively- do per-port ACL processing... but in CPU time,
    | not in ASIC time.

    I don't believe this is strictly correct. The ACLs on the GigE ports
    are performed in hardware ASICs, with no CPU hit. Worked for us with
    testing and production traffic.

    That being said, the 2948G-L3 is a rather old box, and there are many
    cheaper *and* more capable boxes available today. I'd look into other
    hardware, for instance the 3550.

    Steinar Haug, Nethelp consulting,
    Steinar Haug, Apr 1, 2004
    #3
