VACL vs Access-Group

Unanswered Question
Feb 29th, 2008

I was doing some lab scenarios this afternoon with a couple of layer 3 switches and realized that I can build an access list and apply it to a vlan interface. Since that is the case, what is the logic behind using VACL's?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Edison Ortiz Fri, 02/29/2008 - 21:08

VACLs are processed in hardware in Catalyst switches hence they don't take any CPU cycles. You can run multiple VACLs without affecting the switch utilization.




royalblues Sat, 03/01/2008 - 00:29


Aren't the normal L3 ACLs also compiled in TCAMs and processed in hardware?


Edison Ortiz Sat, 03/01/2008 - 07:29

I was referring mainly on how is done in Cat6k where you have a SP (Switch Processor) and RP (Route Processor). SP handles the VACL while RP handles the L3 ACLs.




This Discussion