I am trying to find out if there is a difference between the "firewall vlan-group" command and the "svclc vlan-group" command. I have found docs on CCO that imply that you use the "firewall vlan-group" command to assign VLANs to an FWSM but you use "svclc vlan-group" to assign them to an ACE. I have other docs (like an FWSM/ACE design guide) that actually use the "svclc vlan-group" command for both. I built what is currently a tier 1 production architecture using 3 different svclc groups. One for the FWSM only One for the ACE only, and one for VLANs shared between the two modules. It is working fine and I have had no issues whatsoever. The interesting thing is, over the past 6 months or so, on various TAC cases and SE discusssions, I've been told both that I am wrong for not using the "firewall vlan-group" command and that I'm not wrong. I can't find anything (or anyone) that can help me understand if there is actually some kind of difference between the commands. Just opinions. Does anyone have any insight into this?