Access Group In or Out

Unanswered Question
Aug 14th, 2007

Please give a down and dirty again on access-lists on VLAN interfaces on a 6500 core. Say I have VLAN 10, and want to apply an ACL on it, when would I apply an IN and when would I use the OUT.

Thanks,

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Richard Burts Tue, 08/14/2007 - 12:19

I am not sure why an SVI would be different from a physical interface. And I am not sure why out would not also be used on SVI interfaces.

Joe

Basically the in and out of access-group is from the perspective of the router/layer3 switch. So to examine packets from end stations on the interface/subnet you apply access-group in. And to examine packets going to end stations on the interface/subnet you apply the access-group out.

HTH

Rick

Actions

This Discussion