Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Access Group In or Out

Please give a down and dirty again on access-lists on VLAN interfaces on a 6500 core. Say I have VLAN 10, and want to apply an ACL on it, when would I apply an IN and when would I use the OUT.

Thanks,

2 REPLIES
bjw Silver
Silver

Re: Access Group In or Out

I just went through this. The IN is used on an SVI (Vlan), IN or OUT are used on physical interfaces.

Hall of Fame Super Silver

Re: Access Group In or Out

I am not sure why an SVI would be different from a physical interface. And I am not sure why out would not also be used on SVI interfaces.

Joe

Basically the in and out of access-group is from the perspective of the router/layer3 switch. So to examine packets from end stations on the interface/subnet you apply access-group in. And to examine packets going to end stations on the interface/subnet you apply the access-group out.

HTH

Rick

134
Views
0
Helpful
2
Replies