02-29-2008 07:56 PM - edited 03-05-2019 09:28 PM
I was doing some lab scenarios this afternoon with a couple of layer 3 switches and realized that I can build an access list and apply it to a VLAN interface. Since that is the case, what is the logic behind using VACLs?
02-29-2008 08:12 PM
Hi Jason,
VACLs can also be used for bridged traffic in a VLAN.
The following link may give you a good explanation of the relationship between IOS ACLs and VACLs, the sequence of processing them for routed and bridged traffic, etc.
Cheers:
Istvan
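Added example, not part of the original posts: a lab configuration sketch for the bridged-traffic point above, in Catalyst IOS syntax. VLAN 10, the 10.10.10.0/24 subnet and all ACL and access-map names are assumptions chosen for illustration.

```cisco
! Constructed lab values: VLAN 10 = 10.10.10.0/24, all names are hypothetical.
! Goal: stop Telnet between two hosts that sit in the same VLAN.

! --- Attempt 1: router ACL on the SVI --------------------------------------
! Evaluated only for packets that are routed through interface Vlan10.
! Host-to-host traffic inside VLAN 10 is bridged at layer 2 and never
! crosses the SVI, so the deny entry below never sees it.
ip access-list extended SVI-IN
 deny   tcp 10.10.10.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 23
 permit ip any any
!
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ip access-group SVI-IN in
!
! --- Attempt 2: VACL on the VLAN -------------------------------------------
! Evaluated for every packet in VLAN 10, bridged or routed.
! In the ACL used by an access-map, "permit" only means "match";
! the access-map action decides whether the packet is dropped or forwarded.
ip access-list extended TELNET-INTRA-VLAN
 permit tcp 10.10.10.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 23
!
vlan access-map BLOCK-INTRA-TELNET 10
 match ip address TELNET-INTRA-VLAN
 action drop
! Sequence 20 has no match clause, so it forwards everything else.
! Without it, IP traffic that matched nothing above would be dropped.
vlan access-map BLOCK-INTRA-TELNET 20
 action forward
!
vlan filter BLOCK-INTRA-TELNET vlan-list 10
!
! Verify what is applied:
!   show vlan access-map BLOCK-INTRA-TELNET
!   show vlan filter
```

Because the VACL also covers routed packets in the VLAN, this map drops Telnet to the SVI address 10.10.10.1 as well.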
02-29-2008 09:08 PM
VACLs are processed in hardware in Catalyst switches, hence they don't take any CPU cycles. You can run multiple VACLs without affecting the switch utilization.
HTH,
__
Edison.
03-01-2008 12:29 AM
Edison,
Aren't the normal L3 ACLs also compiled in TCAMs and processed in hardware?
Narayan
03-01-2008 07:29 AM
I was referring mainly to how it is done in Cat6k, where you have an SP (Switch Processor) and RP (Route Processor). SP handles the VACL while RP handles the L3 ACLs.
__
Edison.