Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
557
Views
2
Helpful
5
Replies

Where to place a VACL

glsparks
Level 1
Level 1

‎04-21-2023 03:35 AM

Hi 

I'm looking to implement a VACL on a vlan to prevent three hosts talking to each other.

Now on hosts is on different switches connected via the core/distribution switch, the core hosts the VLAN SVI and default gateway.

So my question is. Does the VACL need to be on all 3 switches? 

Thanks in advance

Labels:
5 Replies 5

MHM Cisco World
VIP
VIP

‎04-21-2023 03:42 AM

host in same VLAN ? or in different VLAN ?

0 Helpful

glsparks
Level 1
Level 1
In response to MHM Cisco World

‎04-21-2023 03:48 AM

Same VLAN.

0 Helpful

MHM Cisco World
VIP
VIP
In response to glsparks

‎04-21-2023 03:52 AM - edited ‎04-21-2023 03:54 AM

then use VLAN access-map
try use MAC if the three host get IP from DHCP server not static config 
VLAN access-map (VACL) Example Configuration on Cisco Switch (networkstraining.com)

you can also use Port ACL in each port connect to host to permit or deny traffic 

0 Helpful

glsparks
Level 1
Level 1
In response to MHM Cisco World

‎04-21-2023 03:56 AM

My question is actually not how to do it but where to put the configuration.

Is the configuration applied to all switches that have the VLAN on or only switches that have the hosts attached?

MHM Cisco World
VIP
VIP
In response to glsparks

‎04-21-2023 03:59 AM

if that case then you need to config in VLAN in all SW, if the host in SW1 connect to host in SW2 the there is chance that the traffic bridge in SW2 not in SW1
So
I prefer you use Port ACL. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card