12-17-2009 04:50 PM - edited 03-06-2019 08:59 AM
Hello,
I am going to be installing some layer three switches. I have a question about how access-lists work in this environment.
Environment:
Single switch, uses VLAN 10. Host1 is connected to port 1 and host 2 is connected to port 2. Both ports are access ports for vlan 10. Can I put an acl on vlan 10 that prevents host1 from talking to host 2? In other words, does the traffic have to flow from one vlan to another for the switch to compare it against the acl?
I am pretty sure that the acl wouldn't affect the traffic, but I just want to make sure.
Thanks,
Ben
12-17-2009 04:51 PM
benwaldon wrote:
Hello,
I am going to be installing some layer three switches. I have a question about how access-lists work in this environment.
Environment:
Single switch, uses VLAN 10. Host1 is connected to port 1 and host 2 is connected to port 2. Both ports are access ports for vlan 10. Can I put an acl on vlan 10 that prevents host1 from talking to host 2? In other words, does the traffic have to flow from one vlan to another for the switch to compare it against the acl?
I am pretty sure that the acl wouldn't affect the traffic, but I just want to make sure.
Thanks,
Ben
Ben
An acl applied to the L3 SVI for vlan 10 would not affect traffic between hosts in the same vlan. If you want to limit traffic between hosts in the same vlan then you need to use a VACL (Vlan acl).
Jon
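To make the distinction concrete, here is an added example (not from the thread) of both configurations on a Catalyst L3 switch: the SVI ACL, which only sees traffic routed through Vlan10, and the VACL, which is applied to every packet bridged or routed within VLAN 10. The access-list and access-map names, the 10.10.10.0/24 subnet and the host addresses 10.10.10.11 (host1) and 10.10.10.12 (host2) are assumed for illustration.

```cisco
! --- Router ACL on the SVI: does NOT see host1 <-> host2 traffic ---
! Frames between two access ports in VLAN 10 are switched at L2 and
! never cross the SVI, so this ACL only filters inter-VLAN (routed) flows.
ip access-list extended ROUTED-ONLY
 deny   ip host 10.10.10.11 host 10.10.10.12
 permit ip any any
!
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ip access-group ROUTED-ONLY in
!
! --- VLAN ACL (VACL): DOES see host1 <-> host2 traffic ---
! The ACL here is a classifier; the action lives in the access-map.
ip access-list extended HOST1-HOST2
 permit ip host 10.10.10.11 host 10.10.10.12
 permit ip host 10.10.10.12 host 10.10.10.11
!
vlan access-map VLAN10-FILTER 10
 match ip address HOST1-HOST2
 action drop
! Packets that match no access-map entry are dropped, so an explicit
! forward entry is required or all other VLAN 10 traffic stops.
vlan access-map VLAN10-FILTER 20
 action forward
!
vlan filter VLAN10-FILTER vlan-list 10
!
! Verification:
!   show vlan access-map VLAN10-FILTER
!   show vlan filter
```

Note that the VACL also filters traffic entering or leaving VLAN 10 through the SVI, so the classifier ACL should stay as narrow as the policy needs.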
12-17-2009 04:58 PM
ooh very nice. thanks!
Do you know of any white papers on virtual acls? I will do a search for it too, but if you have it handy, that would be great.
Do virtual ACLs require any specific licensing on the switch or a specific IOS version, etc?
Thanks,
Ben
12-17-2009 05:02 PM
benwaldon wrote:
ooh very nice. thanks!
Do you know of any white papers on virtual acls? I will do a search for it too, but if you have it handy, that would be great.
Do virtual ACLs require any specific licensing on the switch or a specific IOS version, etc?
Thanks,
Ben
Ben
When you say virtual acls do you mean vlan acls?
If so you can use the config guides for your relevant switch and there will be examples in there. Presumably you know how to find config docs for your switch?
Jon
12-17-2009 05:04 PM
Yeah, vlan acls, sorry. Okay, thanks.
12-17-2009 05:25 PM
Ben
No problem. Forgot to answer last question. They should come as standard on your switch so no special license or specific IOS.
Jon