New Member

VACL help


I have Cisco 6500 SUP720 IOS 12.2(17d) with multiple vlans 5, 6, 7, 33 and 90.

Vlan 90 = 10.90.1.X network equipment

Vlan 33 = my PC

Vlan 5, 6 and 7 = 10.5.1.X, 10.6.1.X and 10.7.1.X staff PCs

I want to be able to control access to vlan 90 so that only vlan 33 has access.

So I set up an ACL, VACL and vlan access-map like this:

ip access-list standard in-switches


ip access-list standard allow-any

permit any

vlan access-map map90 10

match ip address in-switches

action forward

vlan access-map map90 20

match ip address allow-any

action drop

vlan filter map90 vlan-list 90

As soon as I apply the last command I lose connection to vlan 90 (can't ping it). What am I doing wrong?

Thanks in Advance:)

Hall of Fame Super Silver

Re: VACL help

Hello Joel,

I would try to use only the first block of the VACL.

Try the following:

no vlan access-map map90 20

Then apply the VACL again and tell us if you see any difference.

VACLs have an implicit deny at the end of the map; a packet is denied if it does not match any ACL entry, and at least one ACL is configured for the packet type.

The second aspect is that a standard ACL is used to match the source IP address only.

I would use an extended ACL permitting traffic between the two subnets:

no ip access-list standard allow-any

ip access-list extended in-switches

permit ip

permit ip

Hope to help
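
Added illustration, not part of the thread or Cisco's code: a small Python model of VACL evaluation showing the two points in the reply above (implicit deny at the end of the map, and a standard ACL matching the source address only). The VLAN 33 subnet 10.33.1.0/24, the host addresses and the ACL entries are assumptions, since the thread does not show them.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
VLAN33 = ip_network("10.33.1.0/24")  # assumed subnet; the thread does not give it
VLAN90 = ip_network("10.90.1.0/24")  # from the thread (10.90.1.X)

def acl_permits(acl, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, src_net, dst_net in acl:
        if ip_address(src) in src_net and ip_address(dst) in dst_net:
            return action == "permit"
    return False

def vacl_action(access_map, src, dst):
    """Walk the map sequences in order; the first ACL that permits decides.
    A packet matching no sequence hits the VACL's implicit deny."""
    for acl, action in access_map:
        if acl_permits(acl, src, dst):
            return action
    return "drop"

# A standard ACL matches the source only, so its destination is ANY (assumed entry).
standard_in_switches = [("permit", VLAN33, ANY)]
allow_any = [("permit", ANY, ANY)]
# Extended ACL with one entry per direction (assumed entries).
extended_in_switches = [("permit", VLAN33, VLAN90), ("permit", VLAN90, VLAN33)]

two_block_map = [(standard_in_switches, "forward"), (allow_any, "drop")]
first_block_only = [(standard_in_switches, "forward")]
extended_map = [(extended_in_switches, "forward")]

def ping_works(access_map, pc="10.33.1.10", device="10.90.1.1"):
    """A ping needs both the request and the reply to be forwarded."""
    return (vacl_action(access_map, pc, device) == "forward"
            and vacl_action(access_map, device, pc) == "forward")

if __name__ == "__main__":
    for name, m in [("two blocks", two_block_map),
                    ("first block only", first_block_only),
                    ("extended ACL", extended_map)]:
        print(f"{name}: ping from VLAN 33 to VLAN 90 works = {ping_works(m)}")
    # A staff PC (10.5.1.X in the thread) is still kept out of VLAN 90.
    print("staff PC:", vacl_action(extended_map, "10.5.1.20", "10.90.1.1"))
```

With a source-only match, the reply from 10.90.1.1 never matches the permit entry, so it is dropped either by sequence 20 or by the implicit deny.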


New Member

Re: VACL help


Thanks for the speedy response and your suggestion worked great.

Thanks again:)
