dACL on Cisco 3550 switch

I have a Cisco 3550 switch running IOS 12.1(19)EA1c. I want to enable the dACL feature on it, but it does not accept the command ip device tracking.

No idea why it does not accept it. Does this version of IOS not support the dACL feature?

You need at least 12.2(44)SE for dACL support on the 3550.

Edit: It is documented in the ISE compatibility list:

http://www.Cisco.com/en/us/partner/docs/security/ISE/1.1.1/compatibility/ise_sdt.html

--
Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
http://www.Kiva.org/invitedBy/karsteni

Tags: Cisco Security
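
An added example, not part of the original thread: a small inventory check that flags switches below the 12.2(44)SE minimum given in the answer above before dACL authorization is rolled out. The host names and all versions except the poster's 12.1(19)EA1c are constructed, and treating a tie on release numbers across different trains as "unknown" is an assumption of this sketch.

```python
import re

# Minimum release the answer above gives for dACL support on the 3550.
MIN_DACL_3550 = "12.2(44)SE"

# major.minor(maintenance)TRAINrebuild, tolerating stray spaces from pasted output.
_IOS_RE = re.compile(
    r"^\s*(\d+)\.(\d+)\s*\(\s*(\d+)[a-z]?\s*\)\s*([A-Z]*)(\d*)([a-z]?)\s*$"
)

def parse_ios(version):
    """Split an IOS version string such as '12.1 (19) EA1c' into comparable fields."""
    m = _IOS_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised IOS version: {version!r}")
    major, minor, maint, train, rebuild, rebuild_letter = m.groups()
    return {
        "release": (int(major), int(minor), int(maint)),
        "train": train,
        "rebuild": (int(rebuild or 0), rebuild_letter),
    }

def meets_minimum(version, minimum=MIN_DACL_3550):
    """True/False when release numbers decide; None when they tie on another train."""
    have, need = parse_ios(version), parse_ios(minimum)
    if have["release"] != need["release"]:
        return have["release"] > need["release"]
    if have["train"] != need["train"]:
        return None  # train letters are not ordered; needs a manual look
    return have["rebuild"] >= need["rebuild"]

# Constructed inventory; only the first version comes from the question above.
INVENTORY = {
    "sw-access-01": "12.1 (19) EA1c",
    "sw-access-02": "12.2(44)SE",
    "sw-access-03": "12.2(44)SE6",
    "sw-access-04": "12.2(25)SEE4",
    "sw-access-05": "12.2(44)EX",
}

def audit(inventory):
    """Map each host to True (supported), False (upgrade first) or None (check by hand)."""
    return {host: meets_minimum(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, ok in audit(INVENTORY).items():
        print(host, INVENTORY[host], ok)
```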

Similar Questions

  • NAT router 1841 and 3550 switch help

    Hi experts, I need some help with setting up a network.  Network diagram is attached.

    I created 3 VLANs on the 3550 switch and activated inter-VLAN routing.  I can't do a ping from one VLAN to another.  I've added static routes to the VLAN networks on the router.  The only part I'm not sure about is where and how to configure NAT.  For example, if it was just a standalone Cisco 1841 router I would just create an access list and NAT with FA 0/0 outside and FA 0/1 inside.  It would be great if someone can give me an example or point me in the right direction.

    Router ISP--> Cisco 1841--> Switch Cisco 3550

    Cisco 1841 router:

    FA 0/0 --> WAN interface

    IP address: 30.20.10.2

    FA 0/1 --> LAN interface connected to the 3550 switch

    IP address: 10.0.0.1/24

    Cisco 3550 switch:

    FA 0/24 --> to connect to the Cisco 1841 router

    IP address --> 10.0.0.2/24

    FA 0/1 - 0/10 --> VLAN 1

    FA 0/11 - 0/20 --> VLAN 2

    FA 21/0 - 0/23 --> VLAN 3

    Thank you

    Hello, it's the same thing, but in your access list, you need to allow all of your internal address ranges. On your router and 3550 make sure all routing is OK; you say you have connectivity.

    This means that your 10 network should be able to get to your 192 networks and vice versa.

    On your 3550, you can have a default route to the router. And your router should have routes to the 192 networks via the 10 address of the 3550.

    Then the NAT configuration:

    interface fa0/1
     ip nat inside

    interface fa0/0
     ip nat outside

    ip access-list standard MYNAT
     permit 10.0.0.0 0.0.0.255
     permit 192.168.1.0 0.0.0.255
     permit 192.168.2.0 0.0.0.255
     permit 192.168.3.0 0.0.0.255

    And then in your NAT statement:

    ip nat inside source list MYNAT interface fa0/0 overload

    Hope this helps

    Sent from Cisco Technical Support iPhone App

  • How to distinguish a physical interface from a logical (subinterface) interface on a Cisco router/switch?

    Hi Expert,

    How to distinguish a physical interface from a logical (subinterface) interface on a Cisco router/switch? Can you please clarify a formal way to do this?

    A physical interface is named the same as the label printed on the physical port. For example, "GigabitEthernet 0/1" corresponds to port 1 of module 0 (or the base unit).

    A logical interface can be a subinterface on a routed port and will have a dot (".") preceding the subinterface number (e.g. GigabitEthernet 0/1.1). It can also be a loopback or a virtual interface (on a router this could also include interfaces like tunnel and virtual tunnel (VTI) types). A switch may also have VLAN logical interfaces (e.g. interface vlan 1), which are used as Layer 3 virtual interfaces.

  • Cisco Catalyst 4503-> Cisco 3560 L3-> Cisco 2960 L2-> Cisco SMB switch

    Hi Experts,

    I am trying to add a Cisco SMB SF300-24 switch to an infrastructure that has only Cisco Catalyst switches.

    The core layer is a Cisco Catalyst 4503. Distribution is Cisco Catalyst 3560, and Cisco 2960 switches form the access layer.

    There are about 30 VLANs present in the infrastructure, which are announced to all switches using VTP. Inter-VLAN routing takes place at the core switches by creating the interface VLAN for each L2 VLAN.

    1. The new VLAN 150 must be created on the new Cisco SMB switch. If I create a corresponding interface VLAN 150 on the core switches, will it forward traffic to the other VLANs just as it currently works for the Cisco Catalyst 2960 switches?

    2. While looking into this, I could see that VTP is not supported on the Cisco SMB switches and I would need to go with GVRP if I need to advertise VLAN information to other switches. But since GVRP is only supported on CatOS and there is no interoperability between GVRP and VTP, I would need to manually create the VLAN on the new switch. Is this correct?

    Help, please!

    Thank you very much

    ANUP

    Good afternoon Anup Sasikumar

    Please use our forum

    My name is Johnnatan. I am part of the Small Business Support Community. I saw your post and I understand that you want to configure VTP and GVRP.

    I'm afraid you will have to manually configure each VLAN on each CatOS GVRP device, in order to keep their VLAN databases in sync. As you say, VTP is not supported in CatOS.

    You can try to connect the two protocols, but I encourage you not to follow this procedure.

    On your question about inter-VLAN routing: if you create a corresponding interface VLAN 150 on the core switches, it will be routed, if your configuration is correct (access ports, trunk ports, inter-VLAN routing, etc.).

    I hope that you will find this answer useful. If it was satisfactory to you, please mark the question as answered.

    Please rate useful posts.

    Greetings,

    Johnnatan Rodriguez Miranda.

    Cisco Network Support Engineer

  • Connect a Cisco L3 switch behind a 871 using easyvpn

    Hello

    We usually use EasyVPN on 871 routers to connect our remote sites to our ASA 5500 VPN concentrators.

    It works well: we define the VLANs on the 871 and connect Cisco L2 switches behind the VPN routers.

    The problem is that now we have to connect a Cisco L3 switch behind the VPN routers, and we face routing problems...

    No way to make it work for all the VLANs defined on the L3 switch!

    I guess we have to use a specific configuration (IRB?).

    Or do we have to use IPSEC-L2L instead of the easyvpn?

    Thanks for your help.

    Kind regards

    Patrick Lee

    Patrick,

    This will certainly help you get started.

    You can google some more for that.

    Someone posted this on the forums, but I think you might want to ask them

    https://supportforums.Cisco.com/docs/doc-3066;JSESSIONID=444194CDE250004E116705FF0ADAD955. Node0

    I hope this helps.

    Marcin

    Edit: many things depend on whether you use NEM and if you plan to use it. If you stumble on any questions, post here.

  • Cisco Nexus switches

    I'm looking to deploy a Cisco Nexus 5100 series switch at 10 Gbps.

    I know that the Nexus is supposed to work with a converged network adapter (for 10 Gbps FCoE, etc.), but can it operate without a CNA?

    I want to put some 10 Gbps passthrough modules in my Dell m1000 chassis and cable them directly to the Nexus switch.

    I know that the Nexus is perhaps overkill for this solution, but it is a step towards the UCS solution for us.

    Thoughts?

    James

    Hi, you don't need special drivers for "low latency" 10 Gbit Ethernet on a 5k.

    For example, to a non-Nexus 5k switch:

    PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
    64 bytes from 10.10.10.1: icmp_seq=1 ttl=255 time=0.530 ms
    64 bytes from 10.10.10.1: icmp_seq=2 ttl=255 time=0.618 ms

    and a Nexus 5000 with a QLogic 8152:

    PING 172.16.78.3 (172.16.78.3) 56(84) bytes of data.
    64 bytes from 172.16.78.3: icmp_seq=1 ttl=128 time=0.150 ms
    64 bytes from 172.16.78.3: icmp_seq=2 ttl=128 time=0.134 ms

    Oracle RAC cluster will fly!

  • MS NLB Multicast mode configuration on Cisco BladeCenter switches

    We are looking at an MS NLB Multicast mode configuration on Cisco BladeCenter switches. Do we add static ARP and CAM entries for each port on the core switches that the BladeCenters are connected to, or just the port that the virtual machine's traffic arrives at at this time? If we add it to a single port, how will vMotion work... because it seems that we would have to manually move the ARP entry from one port to the other.

    We add the static ARP entry to the entire Cisco switch. If you can vMotion NLB VMs to another host that is physically connected to another switch, then that switch must also have the ARP entry added. We have not tested the configuration on only the specified ports. But if you do, make sure that you include all the ports connected to the physical switch (if for DS you have four natachasery configured in a vSwitch...).

    Here's a guide to how we have configured it several times in our company.

    http://www.VI-tips.com/2009/04/NLB-in-VMware.html

  • Implementing a Cisco 3560 switch in my network

    Can someone help me to solve my problem?

    I have a Cisco Catalyst 3560 switch that I need to implement in my network, and what I want to do is have 3 different VLANs created and use them to separate and test.

    Is it possible to do this with only a single switch?

    Hello

    This is a Toshiba user-to-user community.

    I don't know how your problem is connected to a Toshiba laptop, but if you have problems with the Cisco product, I recommend you visit the Cisco support page to get support for this device.

  • CISCO MDS switches

    Has anybody gotten Cisco MDS switches to listen without having to continually restart the cimserver? If so, what software version are you running?

    The new software is expected to have supported this - version 1.2.0.
    Please let me know if it does, so we can resolve this.
    Mike

  • WAP321 Cisco PoE switch

    Could someone please point me to a Cisco Small Business switch that would be capable of powering five WAP321s?

    I do not know the power profile of these access points but have noticed that the PoE injectors pump 16.8 watts MAX. I can't find anywhere what the power profile is on WAP321 APs, but ~17 watts seems to be quite high.

    In fact, I was interested in the SF100D-16P, which has a power budget of 64 W on 8 ports... the price range is within my budget.

    Could someone tell me if the SF100D-16P can power 5-6 WAP321s sufficiently? Thank you.

    Hello Rob, the answer is yes, the SG100D-16P will handle 5 APs well enough.

  • GLC-GE-100FX - connection to 3550 switch MMF

    Hello, I have an OM1 MMF fiber run between two switches, the first being a 3750 and the second being a 3550.

    The link is currently longer than the maximum distance for OM1 @ 1000 Mb/s (220 m), so I would like to downgrade to 100FX, using the needed SFP/GBIC, to extend the maximum distance to 550 m and run the link @ 100 Mb/s.

    I have the part code for a 100FX SFP to install in the 3750 (GLC-GE-100FX) but cannot find a 100FX GBIC for the 3550. Does anyone know if I can use a 1000SX GBIC (WS-G5484) for the 3550 at one end and the 100FX SFP at the other? Has anyone been successful with this configuration on MMF?

    Regards

    No, you cannot use the 1000Base-X fiber GBIC to implement a Fast Ethernet link. You must instead use some kind of external FE media converter.

  • How to configure VLANs for a Cisco SG500-28 switch

    Hello

    First of all, it's my first post here. I hope that someone can help me, and please be patient because I have very little knowledge.

    OK, so let me explain the scenario I face, and I hope someone can help me.

    We have a Cisco SG500-28 port gigabit switch in our workplace.

    Our goal is to create 3 VLANs and separate the networks between the various departments.

    VLAN1 (which is the default VLAN in the switch) - will be used for the IT department and management.

    VLAN100 - will be used for business.

    VLAN200 - will be used for clients who need to connect to the internet via WiFi.

    I created VLAN100 and VLAN200, and VLAN1 is there by default.

    I want to use port 13 for VLAN200 and to connect the WiFi access point there.

    The uplink is in port 25.

    I would be happy if you could explain things first at a more general, abstract level, and then we can look at the specific scenario that we have.

    The Cisco SG500-28 gets internet from a Sophos UTM 9 router.

    I need to take care of the inter-VLAN routing, subnets and DHCP.

    Thanks in advance,

    Sincere greetings,

    D

    Hi Desmond, looking at this DHCP pool it looks correct.

    For the second part, you want VLAN 200 to only work on VLAN 200; that's fine. So if you have an access point, and everything on VLAN 200 connects to the access point, you can make an access list for this. The access list is ingress only, which means the inbound interface.

    So say you have a gateway connecting to port #1. You'll need to build the access list and apply it to port number 1. That's assuming you make a 'deny' access list with the source IP subnet of VLAN 200 destined for the other subnets that you do not want it to access.

    See the image in the other post for your reference numbers. Then, for the ACL binding, it should be placed on the interface where VLAN 200 first comes into the switch (i.e., the port the access point connects to; make sure that you choose to bind by port instead of by VLAN).

    -Tom
    Please mark replied messages useful
    http://blogs.Cisco.com/smallbusiness/

  • Will a Cisco SG300 SMB switch support DHCP Option 156?

    Hi all

    Is it possible to configure option 156 on a Cisco Sx300 DHCP scope? It's for ShoreTel IPT... I noticed that the option is not available through the user interface. But I tried the other day on a switch with the latest firmware via the CLI and it almost worked, but I couldn't get the switch to accept the exact string that I needed... For example, below (the Cisco classic):

    option 156 ascii "ftpservers=172.16.250.21, country=7, language=4, layer2tagging=1, vlanid=100"

    Guidance gratefully received...

    Thanks in advance

    Matt

    Hi Matthew, the options supported on the DHCP server are as follows:

    1, 3, 4, 6, 12, 15, 44, 46, 50, 51, 53, 54, 55, 56, 58, 59 and 61.

    -Tom
    Please mark replied messages useful

  • HSRP support on the cisco SMB switches

    Hello!

    Just a question.

    Do any of the Cisco Small Business L3 switches support failover protocols such as HSRP, VRRP, and GLBP?

    Thanks in advance

    Hi Dejan,

    Oops, I overlooked the fact that you need L3 switches.

    In this case, indeed the Catalyst 3560 would be the best choice.

    Thank you for your trust in Cisco!

    Best regards

    Nico glacier

    Senior Network Engineer - CCNA

    PS: Could you mark it as answered? Thank you

  • VoIP settings for replacing a Cisco 3550 switch with an SF300-24P

    I am adding the SF300-24P to an existing set of switches.  My backbone is a 3560.

    The 3550 I'm replacing has this config for each port that supports a ShoreTel phone:

    switchport trunk encapsulation dot1q
    switchport mode trunk
    mls qos trust dscp

    Global parameters include:

    spanning-tree mode pvst
    spanning-tree extend system-id
    spanning-tree vlan 1 200 priority 28762
    vlan internal allocation policy ascending

    All other settings are default.

    Any ideas how to reproduce it on this new switch?  I added the ShoreTel MAC address range (00-10-49) in the Telephony OUI settings.  The phone is supplied with power, and I think it gets a 192.168.6.x address (local subnet), but then it should get a 10.6.0.xx address on its IP VLAN - but it doesn't.

    Some configs of the backbone are attached.  I don't have to configure it in the 3550.

    Any ideas?

    Fred

    Hi Fred,

    The backup on my PC should be the same as the screenshot taken on my SG300-28P as shown below.

    Try to use WordPad to adjust the settings and then upload the configuration to a new machine.

    Let me know how it works. I don't really have multiples of the same switch to try it.

    Best regards, Dave
