Access list filters at Ethernet level

My old 2924-XL-EN switch supports extended access lists. However, all the documentation I have seen seems focused on IP filters.

Is there a way to have an access list that would permit/deny specific ETHERNET protocols?

For instance, allow only PPPoE (x8863 and x8864) packets? Any examples of the syntax for this?

JF Mezei

I am fairly certain that a 2924 does not support layer 3 ACLs. Since it is not routing any of your segments, it has no place to actually implement them (as opposed to a 3700 or 6500 switch that would have SVIs for each vlan and then has a point when traffic ingresses or egresses to each vlan). It may support an ACL for that mgmt interface, but that is to just restrict IPs from getting to the interface for security purposes. I'll search for syntax to the bigger question, but am pretty sure it would require a full L3 capable switch or a router, of which the 2924 is neither.


XL switches don't support this kind of ACL. On a more recent switch running IOS you could use numbered ACLs in the range 200-299 to filter by Ethernet protocol type.

Phil Harrison
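Added example, not part of the thread and not from any poster: a small Python model of how a numbered 200-299 ACL decides on an Ethernet type code, applied to the PPPoE-only policy asked about above. It assumes the IOS form `access-list <200-299> {permit|deny} <type-code> <mask>`, where mask bits set to 1 are ignored and an implicit deny ends the list; the ACL lines are constructed samples, and how such a list is bound to an interface is platform-specific and not shown.

```python
import re

# Constructed sample config: permit only PPPoE discovery (0x8863) and
# session (0x8864) frames. Mask 0x0000 means "match the type code exactly".
ACL_TEXT = """
access-list 200 permit 0x8863 0x0000
access-list 200 permit 0x8864 0x0000
"""

# Assumed line format: access-list <number> <action> <type-code> <mask>
LINE_RE = re.compile(
    r"^access-list\s+(\d+)\s+(permit|deny)\s+"
    r"(0x[0-9a-fA-F]{1,4})\s+(0x[0-9a-fA-F]{1,4})$"
)

def parse_acl(text):
    """Return ordered (number, action, type_code, mask) entries."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):   # skip blanks and comments
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised ACL line: {line!r}")
        number = int(m.group(1))
        if not 200 <= number <= 299:
            raise ValueError(f"ACL {number} is outside the 200-299 range")
        entries.append((number, m.group(2),
                        int(m.group(3), 16), int(m.group(4), 16)))
    return entries

def evaluate(entries, acl_number, ethertype):
    """First matching entry wins; no match falls through to implicit deny."""
    for number, action, code, mask in entries:
        if number != acl_number:
            continue
        care = ~mask & 0xFFFF          # bits set in the mask are ignored
        if (ethertype & care) == (code & care):
            return action
    return "deny"

if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    for name, etype in [("PPPoE discovery", 0x8863), ("PPPoE session", 0x8864),
                        ("IPv4", 0x0800), ("ARP", 0x0806), ("IPv6", 0x86DD)]:
        print(f"{name:16} 0x{etype:04x} -> {evaluate(acl, 200, etype)}")
```

Under the same assumed mask semantics, a single entry such as `permit 0x8860 0x0007` would also match both PPPoE types, but it admits every type code from 0x8860 to 0x8867, so two exact-match entries are the tighter policy.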