Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
550
Views
0
Helpful
2
Replies

Reflexive ACLS for Inter-vlan routing at distribution layer

JESSICA Walsh
Level 1
Level 1

‎10-24-2013 11:42 AM - edited ‎03-07-2019 04:13 PM

I currently have extended ACLs on probably 40-50 L3 SVIs at my distribution layer. Most of them are configured to admit/deny traffic on the outbound filter for each SVI. I am considering moving to reflexive ACLs to get improved security controls, but I'm just not sure it would work. Many of the vlans need to talk to each other but not ALL the other vlans and almost all of them need to go to the Internet. Does anyone here have experience with using reflexive ACLs in an Enterprise at the distribution layer that might have some advice on how to do this (or not do it)?         Thanks. 

Labels:
0 Helpful
2 Replies 2

cadet alain
VIP Alumni
VIP Alumni

‎10-24-2013 12:09 PM

Hi,

reflexive ACLs are only supported on 6500 switches as far as I know.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

JESSICA Walsh
Level 1
Level 1
In response to cadet alain

‎10-24-2013 12:54 PM

I think they are supported on the 7609-S (which is what I'd put them on) but I am double-checking. Hardware aside, I am just trying to figure out if it's doable from a traffic flow standpoint. that is my concern. It seems reflexive ACLs are more commonly used at entry/exit points and not for complex intervlan routing. I am just curious if I am the only one to consider it for internal use and if others have experience, I could use some insight.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card