Unanswered Question
Jan 20th, 2009


I am just a little confused about VACLs.

I know they are used to restrict intra-VLAN traffic.

My question is: do the hosts in the same VLAN need to be on the same switch for a VACL to work, or can we have two or more trunked switches and make the VACL work?

Giuseppe Larosa Wed, 01/21/2009 - 09:07

Hello Gursaran,

The VACL applies to all ports belonging to the VLAN, so it can also apply to trunk ports and to traffic coming from an L2-only access-layer switch.

However, if the objective is to limit communication within an IP subnet, the VACL on the multilayer switch can be bypassed if both hosts are on the same L2-only access switch: in this case the frames don't travel to the switch with the VACL applied.

Hope to help
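
The gap described in the answer above can be audited on a model of the switch topology. This is an added example, not part of the original thread: the switch names, host names and helper functions are constructed, and it assumes a loop-free (spanning-tree) active topology, so there is exactly one L2 path between any two switches.

```python
from collections import deque
from itertools import combinations

# Constructed topology (assumption, not from the thread): one multilayer
# distribution switch trunked to two L2-only access switches, one VLAN.
LINKS = [("dist1", "acc1"), ("dist1", "acc2")]
HOSTS = {"hostA": "acc1", "hostB": "acc1", "hostC": "acc2"}
VACL_SWITCHES = {"dist1"}  # switches where the VACL is applied to the VLAN


def switch_path(src, dst, links):
    """Switches a frame crosses from src to dst (BFS over trunk links)."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        for nxt in sorted(adj.get(node, ())):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    if dst not in prev:
        return []  # no L2 path between the two switches
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = prev[node]
    return path[::-1]


def unfiltered_pairs(hosts, links, vacl_switches):
    """Host pairs whose frames never cross a switch that enforces the VACL."""
    gaps = []
    for a, b in combinations(sorted(hosts), 2):
        path = switch_path(hosts[a], hosts[b], links)
        if path and not vacl_switches.intersection(path):
            gaps.append((a, b, path))
    return gaps


if __name__ == "__main__":
    for a, b, path in unfiltered_pairs(HOSTS, LINKS, VACL_SWITCHES):
        print(f"{a} <-> {b} stays on {path}: VACL never sees this traffic")
```

Only the pair attached to the same access switch is reported; pairs on different access switches cross the trunk to the switch holding the VACL and are filtered there.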


