Access-List on VLAN interfaces issue

Jun 26th, 2007

I want to control traffic on a specific VLAN. Will the access list work as on routers, or differently? Also, is an explicit deny any any present by default as on routers, or not?

sundar.palaniappan Tue, 06/26/2007 - 06:25

The same rules apply. There's an implicit deny as in routers. Configure the access list just as you would on the router, then apply the access list to the VLAN interface on the switch, and that's all you need.



Rolf Fischer Tue, 06/26/2007 - 06:44

You only have to watch out for what IN and OUT mean on a VLAN interface.

IN means into the router - out of the vlan.

OUT means out of the Router - into the vlan.

Sometimes that's a little bit confusing.

seegomaa Tue, 06/26/2007 - 21:28

Thanks for the reply. I want to tell you that I'm talking about a 6500 switch. Does this make a difference? And if you know a link that discusses this issue in detail, please send it to me.


mahmoodmkl Tue, 06/26/2007 - 21:32

As the above poster said, think about it like that. For example:

Suppose you have two VLANs, 2 and 3, and have configured their respective SVIs.

If you want to block the traffic incoming from VLAN 2, you need to apply the access list inbound to the VLAN 2 SVI.

If you want to block the traffic coming from VLAN 3 entering into VLAN 2, then apply the access list outbound to the VLAN 2 SVI.
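
The two cases discussed in this thread, written out as an IOS configuration. This is an added example, not part of any poster's reply; the subnets (10.0.2.0/24 for VLAN 2, 10.0.3.0/24 for VLAN 3), SVI addresses, and ACL names are assumptions chosen for illustration.

```cisco
! Constructed example: addresses and ACL names are assumptions.
! VLAN 2 = 10.0.2.0/24, VLAN 3 = 10.0.3.0/24
!
interface Vlan2
 ip address 10.0.2.1 255.255.255.0
!
interface Vlan3
 ip address 10.0.3.1 255.255.255.0
!
! Case 1: traffic sourced in VLAN 2, filtered as it leaves the VLAN
! and enters the routing function (IN on the Vlan2 SVI).
ip access-list extended VLAN2-IN
 deny   ip 10.0.2.0 0.0.0.255 10.0.3.0 0.0.0.255
 permit ip any any
!
! Case 2: traffic from VLAN 3 headed into VLAN 2, filtered as it is
! routed out of the SVI into the VLAN (OUT on the Vlan2 SVI).
ip access-list extended VLAN2-OUT
 deny   ip 10.0.3.0 0.0.0.255 10.0.2.0 0.0.0.255
 permit ip any any
!
! Every ACL ends with an implicit "deny ip any any"; without the
! explicit permit lines above, all other routed traffic is dropped.
!
interface Vlan2
 ip access-group VLAN2-IN in
 ip access-group VLAN2-OUT out
!
! Verify what is applied and watch the hit counters:
!   show ip interface Vlan2
!   show ip access-lists
```

An ACL applied to an SVI this way filters only traffic that is routed through the interface; hosts talking to each other inside the same VLAN are bridged and never hit it.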



