Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
292
Views
8
Helpful
3
Replies

vlan access lists

carl_townshend
Spotlight
Spotlight

‎02-23-2007 02:30 AM - edited ‎03-05-2019 02:32 PM

Hi all, with a vlan when I add an access list, how do I know which is in and out when applying it ?

Labels:
0 Helpful
3 Replies 3

Danilo Dy
VIP Alumni
VIP Alumni

‎02-23-2007 03:15 AM

I think vlan interface in L3 switch logically represents the physical interface that is a member of the configured vlan. Therefore the following;

interface vlan100

ip access-group 100 in

is ingress to all physical interface which is configured with vlan100

interface vlan100

ip access-group 101 out

is egress to all physical interface which is configured with vlan100

but wait for experts to reply :)

acomiskey
Level 10
Level 10
In response to Danilo Dy

‎02-23-2007 05:41 AM

^^ I'm no expert, but you are correct.

0 Helpful

rakmenon
Cisco Employee
Cisco Employee

‎02-23-2007 05:57 AM

As mentioned the following are correct.

interface vlan1

ip access-group 1 in (indicates in)

interface vlan1

ip access-group 11 out (indicates out)

The case is different if its a VACL in that case the map is applied as soon as the frame reaches the switch(not the SVI).

let me know if this helps,if not pls clarify more on the question,

Rakesh

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card