When should I use VLAN filter vs. SVI access-list on switches?

If VLAN 10 is a user VLAN in subnet 10.10.10.0/24, and I want to restrict what servers those users in VLAN 10 can access, I can configure an access-list and apply the ACL to a VLAN access-map, or apply the ACL to the SVI "interface vlan 10". What's a good practice as far as when I should use a VLAN access-map and when I should apply the access-list directly to the SVI?

Thanks a lot       

1 ACCEPTED SOLUTION

VLAN access-maps are used when you want to restrict hosts within a vlan. If you have a host and server in vlan 10, and you want to restrict this host from accessing the server, you'd use a vlan access map.

Access lists on the SVI are used when you want to restrict intervlan routing between vlans. If you have a host in vlan 10 and a server in vlan 15, you'd use a normal acl applied to the vlan 10 svi restricting the host from accessing the server in vlan 15.

HTH,

John
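
The two cases from the answer above, side by side as a Cisco IOS configuration sketch. This is an added example, not part of the original posts; the host and server addresses, the VLAN 15 subnet, and the ACL and access-map names are assumptions.

```cisco
! Constructed example. Assumed values, not from the thread:
!   host 10.10.10.50 and server 10.10.10.20, both in VLAN 10 (10.10.10.0/24)
!   server 10.10.15.20 in VLAN 15 (subnet 10.10.15.0/24 is assumed)
!   names HOST-TO-SRV, VLAN10-MAP and VLAN10-IN are hypothetical
!
! Case 1: host and server are both in VLAN 10 -> VLAN access-map.
! This traffic is bridged inside the VLAN and never crosses the SVI,
! so an ACL on "interface Vlan10" would not see it.
! In the ACL below, "permit" only selects traffic for the map's match
! clause; the map's "action" decides whether it is dropped or forwarded.
ip access-list extended HOST-TO-SRV
 permit ip host 10.10.10.50 host 10.10.10.20
!
vlan access-map VLAN10-MAP 10
 match ip address HOST-TO-SRV
 action drop
!
! Sequence 20 has no match clause and forwards everything else.
! Without it, IP traffic that matches no clause is dropped by default.
vlan access-map VLAN10-MAP 20
 action forward
!
vlan filter VLAN10-MAP vlan-list 10
!
! Case 2: host in VLAN 10, server in VLAN 15 -> ACL on the VLAN 10 SVI.
! The traffic is routed, so it enters the switch's Layer 3 interface
! for VLAN 10 and is checked inbound there.
ip access-list extended VLAN10-IN
 deny ip 10.10.10.0 0.0.0.255 host 10.10.15.20
 permit ip any any
!
interface Vlan10
 ip access-group VLAN10-IN in
```

A VLAN map has no direction and is applied to every packet in the VLAN, routed as well as bridged, so check the map against routed flows before enabling the `vlan filter` line.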

Thanks so much.
