Re: Vlan ACL

frontechasl123 · ‎02-17-2011

Does Vlan ACL's restricts traffic only between hosts in the same vlan or does it also have the feature to restrict traffic between two different vlans?

For example if there are 4 layer 3 switches and all 4 switches have Vlan 10 spanned. We have configured Vlan ACL for Vlan 10 in one switch (suppose in switch 1). So when other switches (where vlan ACL is not configured) receive packet destined for vlan 10, at that point whether vlan ACl is executed or not in those switches where vlan ACL is not configured

rassoul.ghaznavi · ‎02-17-2011

Good question!

I haven't tested this but I would say it will work and it should be a benefit of using vlan map instead of normal acl,

I think all incoming traffic on the vlan will be checked by acl anyway.

Network Group

Latchum Naidu · ‎02-17-2011

Hi,

Does Vlan ACL's restricts traffic only between hosts in the same vlan or does it also have the feature to restrict traffic between two different vlans?
It is completely depends on how we configured ACL's, we can restrict traffic between vlans and also can restrict between host and host.

When all 4 switches have vlan 10 spanned and packet received from anyone switch that will pass untill ACL restricted.

Hope this clear you..

Please rate the helpfull posts.
Regards,
Naidu.

martin_knorre · ‎02-18-2011

Hi,

VLAN ACL's can either check Layer 2 information or Layer 3 information but only in a VLAN, so for tracing traffic inter VLAN routed you have to setup normal ACL with Layer 3 information from the VLAN Interface IP.

But for more information look here:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/vacl.html

Regards Martin