When should I use VLAN filter vs. SVI access-list on switches?

gwhuang5398
Level 2

If VLAN 10 is a user VLAN in subnet 10.10.10.0/24, and I want to restrict what servers those users in VLAN 10 can access, I can configure an access-list and apply the ACL to a VLAN access-map, or apply the ACL to the SVI "interface vlan 10". What's a good practice as far as when I should use a VLAN access-map and when I should apply the access-list directly to the SVI?

Thanks a lot

Accepted Solutions

John Blakley
VIP Alumni

VLAN access-maps are used when you want to restrict hosts within a vlan. If you have a host and server in vlan 10, and you want to restrict this host from accessing the server, you'd use a vlan access map.

Access lists on the SVI are used when you want to restrict intervlan routing between vlans. If you have a host in vlan 10 and a server in vlan 15, you'd use a normal acl applied to the vlan 10 svi restricting the host from accessing the server in vlan 15.

HTH,

John

**** Please rate useful posts ****
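
The two placements described in the answer above, as an added Cisco IOS configuration example that is not part of the original post. The server addresses 10.10.10.50 and 10.10.15.20, the VLAN 15 subnet 10.10.15.0/24, the SMB port, and the ACL and access-map names are assumptions made for illustration.

```cisco
! --- Case 1: host and server both in VLAN 10 (traffic is bridged, never routed).
! An ACL on interface Vlan10 does not see this traffic, so a VACL is used.
! In a VACL the ACL only SELECTS traffic: "permit" means "match",
! and the access-map action decides whether matched traffic is dropped.
ip access-list extended V10-USERS-TO-LOCAL-SRV
 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.50 eq 445
!
vlan access-map VLAN10-FILTER 10
 match ip address V10-USERS-TO-LOCAL-SRV
 action drop
! Catch-all sequence: without it, all other IP traffic in the VLAN
! falls through to the implicit drop at the end of the map.
vlan access-map VLAN10-FILTER 20
 action forward
!
! The VACL is applied to the VLAN itself, not to an interface,
! and it applies to every packet in the VLAN, bridged or routed.
vlan filter VLAN10-FILTER vlan-list 10
!
! --- Case 2: host in VLAN 10, server in VLAN 15 (traffic is routed via the SVI).
! A normal ACL applied inbound on the VLAN 10 SVI filters packets
! arriving from VLAN 10 hosts before they are routed to VLAN 15.
ip access-list extended V10-IN
 deny   ip 10.10.10.0 0.0.0.255 host 10.10.15.20
 permit ip any any
!
interface Vlan10
 ip access-group V10-IN in
```

After applying, `show vlan access-map`, `show vlan filter` and `show ip access-lists` confirm which maps and ACLs are active and whether the entries are taking hits.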


Thanks so much.
