Unanswered Question
Jan 20th, 2009
User Badges:


I am just a little confused about vacl

I know it used to restrict intra vlan traffic.

My question is "do the hosts in same vlan need to on the same switch for vacl to work or can we two or more trunked switches and make vacl work??

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Giuseppe Larosa Wed, 01/21/2009 - 09:07
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Gursaran,

the VACL applies to all ports belonging to the Vlan so it can apply also to trunk ports and traffic coming from a L2 only access-layer switch.

However, if the objective is to limit communication within an IP subnet the VACL on the multilayer switch can be bypassed if both hosts are on the same L2 only access switch: in this case the frames don't travel to the switch with the VACL applied

Hope to help



This Discussion