cisco c3550 passes udp despite ACL

Discussion in 'Hardware' started by sdutky, Oct 9, 2006.

  1. sdutky

    Hi,
    I have configured a c3550 switch thusly:

    interface FastEthernet0/1
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan n1, n2, n3, etc
    switchport mode dynamic desirable
    ip access-group 101 in
    speed 100
    duplex full
    end
    !<snip>
    access-list 101 deny udp any any
    access-list 101 permit ip any any

    Sniffing FastEthernet0/1 shows UDP continues to roll in.
    deny tcp any any and deny ip any any function as expected, w/o problem.

    This shows up on IOS c3550-ipservices-mz.122-25.SEE2.bin and c3550-i5q3l2-mz.121-22.EA1a.bin.

    Has anyone seen this before? Am I doing something dumb?

    Thanks.
     
    sdutky, Oct 9, 2006
    #1

  2. sdutky

    Doh! Configuring SPAN:

    <snip>
    Some features that can cause a packet to be dropped during receive processing have no effect on SPAN; the destination port receives a copy of the packet even if the actual incoming packet is dropped. These features include IP standard and extended input access control lists (ACLs), IP standard and extended output ACLs for unicast, VLAN maps, ingress QoS policing, and policy-based routing. Switch congestion that causes packets to be dropped also has no effect on SPAN.
    <snip>


    Catalyst 3550 Multilayer Switch Software Configuration Guide, 12.1(6)EA1
    http://cco.cisco.com/en/US/products...figuration_guide_chapter09186a008007d713.html
     
    sdutky, Oct 10, 2006
    #2
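
Added example (not part of the original posts, and not Cisco code): a small Python model of the behaviour quoted in post #2, showing why a sniffer on a SPAN destination still sees UDP while ACL 101 drops it. The function names and sample packets are hypothetical; the model assumes only the two ACL lines from post #1 and that the SPAN copy is taken before the input ACL is applied.

```python
# Added example: a model of the quoted SPAN behaviour, not switch or Cisco code.
# Packets are constructed sample data (documentation address ranges).
ACL_101 = """\
access-list 101 deny udp any any
access-list 101 permit ip any any
"""

def parse_acl(text):
    """Parse 'access-list N permit|deny PROTO any any' into (action, proto)."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if len(tok) != 6 or tok[0] != "access-list" or tok[4:] != ["any", "any"]:
            raise ValueError(f"unsupported ACL line: {line!r}")
        rules.append((tok[2], tok[3]))
    return rules

def acl_permits(rules, pkt):
    """First matching rule wins; an ACL ends with an implicit deny."""
    for action, proto in rules:
        if proto in ("ip", pkt["proto"]):  # 'ip' matches every IP protocol
            return action == "permit"
    return False

def receive(rules, packets):
    """Return (span_copy, forwarded) for packets arriving on the ACL'd port."""
    span_copy = list(packets)  # mirrored before the input ACL drops anything
    forwarded = [p for p in packets if acl_permits(rules, p)]
    return span_copy, forwarded

def dropped_but_mirrored(rules, packets):
    """Packets a SPAN-destination sniffer sees although the ACL dropped them."""
    span_copy, forwarded = receive(rules, packets)
    return [p for p in span_copy if p not in forwarded]

SAMPLE = [  # constructed packets
    {"proto": "udp", "src": "192.0.2.10", "dst": "198.51.100.5", "dport": 53},
    {"proto": "tcp", "src": "192.0.2.10", "dst": "198.51.100.5", "dport": 443},
    {"proto": "icmp", "src": "192.0.2.11", "dst": "198.51.100.5", "dport": None},
    {"proto": "udp", "src": "192.0.2.12", "dst": "198.51.100.9", "dport": 123},
]

if __name__ == "__main__":
    rules = parse_acl(ACL_101)
    span, fwd = receive(rules, SAMPLE)
    print("SPAN destination sees:", [p["proto"] for p in span])
    print("actually forwarded:  ", [p["proto"] for p in fwd])
    print("dropped by ACL 101:  ", [p["proto"] for p in dropped_but_mirrored(rules, SAMPLE)])
```

To test the ACL itself, compare against a capture taken on a port downstream of the ACL rather than on the SPAN destination.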
