Configuring Acls; Unsupported Features - Cisco Catalyst 2950 Software Configuration Manual

Configuring ACLs

Table 23-1
Table 23-1 Summary of ACL Restrictions
Restriction
Number of user-defined masks allowed in an ACL 1
Number of ACLs allowed on an interface
Total number of user-defined masks for security
and QoS allowed on a switch
Configuring ACLs
You can configure ACLs only if your switch is running the enhanced software image.
Note
Configuring ACLs on Layer 2 or Layer 3 management VLAN interfaces is the same as configuring ACLs
on Cisco routers. The process is briefly described here. For more detailed information on configuring
router ACLs, refer to the "Configuring IP Services" chapter in the Cisco IP and IP Routing
Configuration Guide for IOS Release 12.1. For detailed information about the commands, refer to Cisco
IOS IP and IP Routing Command Reference for IOS Release 12.1. For a list of IOS features not supported
on the Catalyst 2950 switch, see the

Unsupported Features

The Catalyst 2950 switch does not support these IOS router ACL-related features:
•
•
•
•
•
•
•
•
•
•
Catalyst 2950 Desktop Switch Software Configuration Guide
23-6
lists a summary of the ACL restrictions on Catalyst 2950 switches.
Non-IP protocol ACLs (see
Bridge-group ACLs.
IP accounting.
No ACL support on the outbound direction.
Inbound and outbound rate limiting (except with QoS ACLs).
IP packets with a header length of less than five are not be access-controlled.
Reflexive ACLs.
Dynamic ACLs (except for certain specialized dynamic ACLs used by the switch clustering feature).
ICMP-based filtering.
IGMP-based filtering.
Number Permitted
1
4
"Unsupported Features" section on page
Table 23-2 on page 23-7).
Chapter 23 Configuring Network Security with ACLs
23-6.
78-11380-04