Access-list on SVI interface

Unanswered Question
Apr 23rd, 2012

Hi guys,

I would need your advice on a point that is not clear to me.

I did a quick search on this forum; however, I didn't find an answer (but I am almost sure this issue was discussed already...)

My concern is what could match an access-list configured on a switch SVI interface?

I understand which traffic matches an inbound access-list (traffic destined to this IP), but not which kind of traffic could match an outbound one (no traffic crosses that interface, and the traffic initiated from that interface by the router will not match either).

Do you have an answer for this?

Thanks in advance for your help!

g.fabre Mon, 04/23/2012 - 12:37

I found the answer myself 2 minutes after posting.

The transit traffic routed through that interface will match!

Sorry for spamming the forum... let's say this is just my contribution for people having the same question.

Richard Burts Mon, 04/23/2012 - 12:40

The logical operation of an access list on an SVI is quite similar to the logical operation of an access list on a physical interface. If you assign an access list as outbound on an SVI then it will examine traffic that has come through the switch and is being sent out onto the VLAN/subnet of the SVI.

So if you had this as an example:

interface vlan 3
 ip address 10.10.10.1 255.255.255.0
 ip access-group 101 out

then access list 101 will examine traffic coming through the switch and being forwarded out onto VLAN 3 and subnet 10.10.10.0.

HTH

Rick
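The behaviour discussed in this thread, as an added example that is not part of any poster's reply: a simplified Python model of which SVI access-list lookups (inbound or outbound) a packet triggers on a multilayer switch. The VLAN 3 address comes from the thread; VLAN 4, the host addresses and the function names are constructed for illustration, and the model assumes classic IOS router-ACL behaviour (bridged traffic inside a VLAN and traffic generated by the switch itself are not checked by the SVI ACL).

```python
import ipaddress

# VLAN 3 is the SVI from the thread; VLAN 4 is a constructed second SVI.
SVIS = {
    3: ipaddress.ip_interface("10.10.10.1/24"),
    4: ipaddress.ip_interface("10.10.20.1/24"),
}

def vlan_of(ip):
    """Return the VLAN whose SVI subnet contains ip, or None if off-switch."""
    addr = ipaddress.ip_address(ip)
    for vlan, svi in SVIS.items():
        if addr in svi.network:
            return vlan
    return None

def is_switch_address(ip):
    """True when ip is one of the switch's own SVI addresses."""
    return any(ipaddress.ip_address(ip) == svi.ip for svi in SVIS.values())

def acl_checks(src, dst):
    """Return the ordered (vlan, direction) ACL lookups for a packet."""
    src_vlan, dst_vlan = vlan_of(src), vlan_of(dst)
    if is_switch_address(src):
        # Generated by the switch: assumed to bypass the outbound SVI ACL.
        return []
    if is_switch_address(dst):
        # Addressed to the switch: only the arrival SVI's inbound ACL applies.
        return [(src_vlan, "in")] if src_vlan is not None else []
    if src_vlan is not None and src_vlan == dst_vlan:
        # Same subnet: bridged at layer 2, never reaches the SVI.
        return []
    checks = []
    if src_vlan is not None:
        checks.append((src_vlan, "in"))    # enters the switch through its SVI
    if dst_vlan is not None:
        checks.append((dst_vlan, "out"))   # routed out onto the destination VLAN
    return checks

if __name__ == "__main__":
    for src, dst in [("10.10.20.7", "10.10.10.50"),   # routed VLAN 4 -> VLAN 3
                     ("10.10.10.50", "10.10.10.60"),  # bridged inside VLAN 3
                     ("10.10.10.1", "10.10.10.50"),   # from the switch itself
                     ("10.10.10.50", "10.10.10.1")]:  # to the switch itself
        print(f"{src} -> {dst}: {acl_checks(src, dst)}")
```

Filtering host-to-host traffic inside the same VLAN needs a different mechanism (a VLAN or port ACL), since that traffic never produces an SVI lookup in this model.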

Posted April 23, 2012 at 12:31 PM