Cisco Support Community

New Member

Reflexive ACLs for Inter-VLAN routing at distribution layer

I currently have extended ACLs on probably 40-50 L3 SVIs at my distribution layer. Most of them are configured to admit/deny traffic on the outbound filter for each SVI. I am considering moving to reflexive ACLs to get improved security controls, but I'm just not sure it would work. Many of the VLANs need to talk to each other but not ALL the other VLANs, and almost all of them need to go to the Internet. Does anyone here have experience with using reflexive ACLs in an Enterprise at the distribution layer that might have some advice on how to do this (or not do it)?

Thanks.

2 REPLIES
Purple

Reflexive ACLs for Inter-VLAN routing at distribution layer

Hi,

Reflexive ACLs are only supported on 6500 switches as far as I know.

Regards

Alain

Don't forget to rate helpful posts.

New Member

Reflexive ACLs for Inter-VLAN routing at distribution layer

I think they are supported on the 7609-S (which is what I'd put them on) but I am double-checking. Hardware aside, I am just trying to figure out if it's doable from a traffic flow standpoint. That is my concern. It seems reflexive ACLs are more commonly used at entry/exit points and not for complex inter-VLAN routing. I am just curious if I am the only one to consider it for internal use, and if others have experience, I could use some insight.
