Can anyone provide info on the security risk of using VACL's on a swtich with a single VLan - to isolate traffic. I have one switch with Firealls attached to it and multiple hosts which I only want to be able to talk to teh firewalls and not each other. Would like to use VACL's on the switch but I've always heard that ACL's are not really secure. ARe VACL's any more secure than ACL's and what is the real risk is using them..
Why VACL if you have a firewall? VACLs aren't statefull (the last I understood, maybe something has changed), firewalls are stateful. I would go with a stateful firewall over a VACL.
You could, hopefully running enterprise class hardware, 802.1q trunk between a firewall and switch. Some of the ASAs allow for multiple virtual interfaces/subinterfaces. Not sure on the product models off the top of my head, if you have an ASA, you could look at the product page. You could define access policy unique for each DMZ/VLAN.
thanks for hte feedback. We have one switch with one vlan, many hosts, adn one firewall.
We don't want any of the hosts to be able to talk to each other - but they have to be on the same subnet. We want all the hosts to be able to talk to the firewall. Wouldn't VACL's be a good option here? What are the security risks in using them?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :