I was doing some lab scenarios this afternoon with a couple of layer 3 switches and realized that I can build an access list and apply it to a vlan interface. Since that is the case, what is the logic behind using VACL's?
VACL's can also be used for bridged traffic in a VLAN.
The following link may give you a good explanation on the relationship of IOS acl's and vacl's, on the sequence of processing them for routed and bridged traffic, etc.
VACLs are processed in hardware in Catalyst switches hence they don't take any CPU cycles. You can run multiple VACLs without affecting the switch utilization.
I was referring mainly on how is done in Cat6k where you have a SP (Switch Processor) and RP (Route Processor). SP handles the VACL while RP handles the L3 ACLs.
__
Edison.
Getting Started
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
