New Member

access-lists on layer 3 switch

Hello,

I am going to be installing some layer three switches. I have a question about how access-lists work in this environment.

Environment:

Single switch, uses VLAN 10. Host1 is connected to port 1 and host 2 is connected to port 2. Both ports are access ports for VLAN 10. Can I put an ACL on VLAN 10 that prevents host1 from talking to host 2? In other words, does the traffic have to flow from one VLAN to another for the switch to compare it against the ACL?

I am pretty sure that the ACL wouldn't affect the traffic, but I just want to make sure.

Thanks,

Ben

Accepted Solutions
Hall of Fame Super Blue

Re: access-lists on layer 3 switch

benwaldon wrote:

Hello,

I am going to be installing some layer three switches. I have a question about how access-lists work in this environment.

Environment:

Single switch, uses VLAN 10. Host1 is connected to port 1 and host 2 is connected to port 2. Both ports are access ports for VLAN 10. Can I put an ACL on VLAN 10 that prevents host1 from talking to host 2? In other words, does the traffic have to flow from one VLAN to another for the switch to compare it against the ACL?

I am pretty sure that the ACL wouldn't affect the traffic, but I just want to make sure.

Thanks,

Ben

Ben

An ACL applied to the L3 SVI for VLAN 10 would not affect traffic between hosts in the same VLAN. If you want to limit traffic between hosts in the same VLAN then you need to use a VACL (VLAN ACL).

Jon
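
The VACL approach described in this answer, as an added example that is not part of the original thread or taken from a Cisco config guide: a VLAN access map that drops IP traffic between the two hosts inside VLAN 10 and forwards everything else. The host addresses (10.10.10.11 and 10.10.10.12) and the ACL and map names are assumptions, and exact syntax can vary by platform.

```cisco
! Constructed example. Assumed addresses: host1 = 10.10.10.11, host2 = 10.10.10.12
!
! For comparison, an ACL on the SVI only sees traffic that is ROUTED
! through interface Vlan10, so host1 -> host2 frames (same VLAN,
! switched at layer 2) never hit it:
!
!   interface Vlan10
!    ip access-group SOME-ACL in
!
! VACL: in the ACL, "permit" means "select this traffic for the map";
! the action in the access-map decides whether it is dropped or forwarded.
ip access-list extended HOST1-HOST2
 permit ip host 10.10.10.11 host 10.10.10.12
 permit ip host 10.10.10.12 host 10.10.10.11
!
! Sequence 10: drop the selected host-to-host traffic.
vlan access-map VLAN10-FILTER 10
 match ip address HOST1-HOST2
 action drop
!
! Sequence 20: no match clause, so it matches everything else.
! Without this entry, all remaining IP traffic in the VLAN would be
! dropped by the implicit deny at the end of the map.
vlan access-map VLAN10-FILTER 20
 action forward
!
! Apply the map to VLAN 10. A VACL has no direction: it is checked for
! every packet bridged within the VLAN or routed into or out of it.
vlan filter VLAN10-FILTER vlan-list 10
!
! Verify with:
!   show vlan access-map VLAN10-FILTER
!   show vlan filter
```

Because the map also applies to routed traffic entering or leaving VLAN 10, keep the ACL entries as narrow as the policy requires and confirm the catch-all forward entry is present before applying the filter.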

5 REPLIES
New Member

Re: access-lists on layer 3 switch

Ooh, very nice. Thanks!

Do you know of any white papers on virtual ACLs? I will do a search for it too, but if you have it handy, that would be great.

Do virtual ACLs require any specific licensing on the switch or a specific IOS version, etc.?

Thanks,

Ben

Hall of Fame Super Blue

Re: access-lists on layer 3 switch

benwaldon wrote:

Ooh, very nice. Thanks!

Do you know of any white papers on virtual ACLs? I will do a search for it too, but if you have it handy, that would be great.

Do virtual ACLs require any specific licensing on the switch or a specific IOS version, etc.?

Thanks,

Ben

Ben

When you say virtual ACLs, do you mean VLAN ACLs?

If so, you can use the config guides for your relevant switch and there will be examples in there. Presumably you know how to find config docs for your switch?

Jon

New Member

Re: access-lists on layer 3 switch

Yeah, VLAN ACLs, sorry. Okay, thanks.

Hall of Fame Super Blue

Re: access-lists on layer 3 switch

Ben

No problem. Forgot to answer last question. They should come as standard on your switch so no special license or specific IOS.

Jon
