Reflexive ACLs on SVIs

Unanswered Question
Sep 18th, 2008

I can configure a RACL on a physical interface, but it doesn't work on an SVI. Can anyone explain why it doesn't work?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Thu, 09/18/2008 - 04:24

Hello Jason,

I suppose you are using an ISR router with an etherswitch module.

the reflexive ACL is a "router" security feature and so it can be applied to a "router" interface.

Besides this, an SVI can receive traffic from L2 ports associated with the broadcast domain and from other L3 devices so it is a less clear context.

Hope to help

Giuseppe

Actions

This Discussion