
Bridged ACLs

manju.cisco
Level 3

What are Bridged ACLs? Are they also called VLAN ACLs (VACLs)? Or are they also called vlan-maps?

I am just confused what those three actually are.

Could someone please help me understand, in short, what they mean?

Can a bridged ACL be applied in both the inbound and outbound directions under an SVI?

Thanks.

3 Replies

Arun Nair
Level 1

Manju,

All the three terms mean the same, and can be used interchangeably.

Router(config)# vlan access-map ACL_NAME 10

However, some people sometimes use the term bridged ACL to describe the ACLs applied to ACE appliances (load balancers) on bridged virtual interfaces.

A VACL, BACL or VLAN ACL/VLAN map is basically a method to apply ACLs to VLANs using an access-list sort of formulation. We can define the interesting traffic under the command I have shown above in the form of an access-list and perform an action like "permit" or "drop" on the traffic.

Next question:

Can a bridged ACL be applied in both the inbound and outbound directions under an SVI?

Well, the answer is yes, but this direction can be defined only by the source and destination in the access-list. You do not have a method to basically set a command like "ip access-group 101 in/out" for a VACL.

Sometimes I see VACLs as a QoS variance (the "match interesting traffic and act upon it" sort of behavior that they display).

HTH

Cheers

Arun



Hi Arun,

Thanks for clarifying the main point.

However, in this case, for the question "Can a bridged ACL be applied in both the inbound and outbound directions under an SVI?", you said "YES", but I would now say the answer is NO because I cannot apply the bridged ACL on any VLAN interface. There is no such command.

A bridged ACL can then only be applied to a VLAN, not on an interface, so the bridged ACL cannot be applied in the inbound/outbound direction under an SVI.

Is my understanding correct?

Thanks.



Hi Manju,

It is possible to apply VACLs to VLANs as shown in the link below:

E.g.:

SW2(config)#vlan filter VACL_STOPTELNET vlan-list 10 (this is the VLAN ID/number).

http://blog.ine.com/2009/08/10/vlan-access-control-lists-vacls-tiers-1/

Feel free to enquire more.

Cheers

Arun
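
The two commands quoted in this thread, put together into one complete VLAN map, as an added example that is not taken from any of the posts above. The ACL name TELNET_TRAFFIC and the Telnet match are assumptions chosen to fit the VACL_STOPTELNET name; VACL_STOPTELNET and VLAN 10 come from the thread.

```cisco
! 1. Classify the traffic. Inside a VLAN map, "permit" in the ACL means
!    "this packet matches the clause"; it does not mean "forward".
ip access-list extended TELNET_TRAFFIC
 permit tcp any any eq 23
!
! 2. Build the VLAN map. Sequence 10 drops whatever the ACL matched.
vlan access-map VACL_STOPTELNET 10
 match ip address TELNET_TRAFFIC
 action drop
!
! 3. Catch-all clause. Without it, IP packets that match no clause are
!    dropped, because the map already contains an IP match clause.
vlan access-map VACL_STOPTELNET 20
 action forward
!
! 4. Attach the map to the VLAN. There is no in/out keyword here; the map
!    applies to the VLAN as a whole, not to an SVI direction.
vlan filter VACL_STOPTELNET vlan-list 10
!
! Verification (exec mode):
!   show vlan access-map VACL_STOPTELNET
!   show vlan filter
```

After applying the map, confirm with the two show commands that the map contains both sequences and is bound to VLAN 10 before relying on it.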
