Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1927
Views
0
Helpful
2
Replies

Are the ACLs stateful?

kurian
Level 1
Level 1

‎03-20-2014 09:52 PM

If I create an ACL on VLAN1 that allows traffic to destination IP:PORT on VLAN 2, will I be able to open a TCP connection to it? Will returning packets from the destination IP:PORT automatically be allowed back into VLAN1?

Labels:
0 Helpful
2 Replies 2

Tom Watts
VIP Alumni
VIP Alumni

‎03-21-2014 09:00 AM

Hi Kurian, on small business switch, the ACL applies as ingress only. So if you have an ACL applied to VLAN 1 that is permit to VLAN 2 there will not be any drop traffic.

 

I see what is your point that the traffic return from VLAN 2 back in to VLAN 1 therefore should be dropped, that is not the case - otherwise it would make the ACL nearly impossible to use with any efficiencies.

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
0 Helpful

kurian
Level 1
Level 1
In response to Tom Watts

‎03-23-2014 11:12 PM

This is true if I only have ACLs on VLAN 1, but I will also have different ACLs on VLAN 2. Then ingress filtering will be applied on VLAN 2 and the response packets from VLAN 1 connections will not be allowed back unless I create matching rules on VLAN 2 right?

0 Helpful
Customers Also Viewed These Support Documents