We wish to apply an ACL to a VLAN interface on a 1638 with VRRP enabled, however, the same command that works on the 1335, does not seem to work on the 1638. I tried looking into the AOS commands PDF , but it seems that the ip access-group command should work. For example:
I applied the access list guest_block to the Interface VLAN 36 on a 1335 by simply issuing the ip access-group guest_block out command
interface vlan 36
ip address 10.36.1.1 255.255.255.0
ip access-group guest_block out
no rtp quality-monitoring
no ip route-cache express
However, on the 1638, I receive the unrecognized command error. What am I missing?
BPHQ1638.1.1(config)#int vlan 36
BPHQ1638.1.1(config-intf-vlan 36)#ip access-group guest_block out
% Unrecognized command
Do I have to use a hardware ACL instead?
The NetVanta 1335 includes full-blown routing and firewall functions, whereas the NetVanta 1638 is a multi-layer switch product. The 1638 does not include a firewall which is needed to support IP access lists and policy-classes. Hardware ACL will be your best bet: Configuring Hardware ACLs in AOS