09-28-2011 05:45 AM - edited 03-07-2019 02:29 AM
Hi,
What is the precise difference between a normal ACL that is applied to an interface or SVI VLAN interface and a VLAN ACL (VACL)?
Does VACL mean that traffic within a single VLAN can be controlled?
Thanks in advance.
09-28-2011 06:03 AM
Hi,
An ACL applied to a physical L2 port is a port-based ACL, which can only be applied inbound and can be a MAC or IP ACL, the MAC ACL working for non-IP traffic.
An ACL applied to a routed port or SVI is a routed ACL, which is the same as a traditional ACL on a router.
A VACL is an ACL to control traffic inside a VLAN.
Regards.
Alain.
09-28-2011 06:45 AM
Thank you, Alain. That means, if we have a vlan10 with 2 systems, 10.10.1.1 and 10.10.1.2, and these two needn't talk to each other, I can create an ACL and apply it to one of the physical ports?
Thanks.
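09-28-2011 07:49 AM
Hi Thomas,
A VLAN ACL is the common way to do this; see the sample configuration:

! Sequence 10: drop traffic matched by ACL 100
vlan access-map TEST 10
 action drop
 match ip address 100
! Sequence 20: forward everything else
vlan access-map TEST 20
 action forward
! Apply the map to VLAN 10
vlan filter TEST vlan-list 10
! ACL 100 selects traffic from 10.10.1.1 to 10.10.1.2
access-list 100 permit ip host 10.10.1.1 host 10.10.1.2

Pls rate if helpful.
shehin.pm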
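Added example, not part of the original thread and not Cisco code: a simplified Python model of how the access-map in the answer above is evaluated, showing which flows inside VLAN 10 are dropped or forwarded. It assumes matching on source and destination host only; the third host 10.10.1.3 and the two-direction ACL variant are constructed for illustration.

```python
# Simplified model of VLAN access-map evaluation (illustration only).
from ipaddress import ip_address

# ACL 100 from the post: in a VACL, an ACL "permit" means "this packet matches".
ACLS = {100: [("permit", "10.10.1.1", "10.10.1.2")]}

# vlan access-map TEST from the post: (sequence, matched ACL or None, action).
TEST = [(10, 100, "drop"), (20, None, "forward")]


def acl_matches(acl, src, dst):
    """First matching ACE decides; no matching ACE means no match."""
    for verdict, ace_src, ace_dst in acl:
        if (ip_address(src) == ip_address(ace_src)
                and ip_address(dst) == ip_address(ace_dst)):
            return verdict == "permit"
    return False


def vacl_action(access_map, acls, src, dst):
    """Walk the map in sequence order; the first matching entry sets the action."""
    for _seq, acl_id, action in sorted(access_map, key=lambda e: e[0]):
        # A sequence without a match clause matches every packet.
        if acl_id is None or acl_matches(acls[acl_id], src, dst):
            return action
    return "drop"  # no sequence matched: the packet is dropped


def report(access_map, acls):
    """Return the action for each sample flow (10.10.1.3 is a constructed host)."""
    flows = [("10.10.1.1", "10.10.1.2"), ("10.10.1.2", "10.10.1.1"),
             ("10.10.1.1", "10.10.1.3")]
    return {f"{s} -> {d}": vacl_action(access_map, acls, s, d) for s, d in flows}


# Constructed variant: ACL 100 also matches the reverse direction.
ACLS_BOTH = {100: ACLS[100] + [("permit", "10.10.1.2", "10.10.1.1")]}

if __name__ == "__main__":
    for label, acls in (("as posted", ACLS), ("both directions", ACLS_BOTH)):
        print(label)
        for flow, action in report(TEST, acls).items():
            print(f"  {flow}: {action}")
```

With the ACL as posted, only packets from 10.10.1.1 to 10.10.1.2 hit the drop sequence; packets sourced from 10.10.1.2 fall through to sequence 20 and are forwarded.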