Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1795
Views
0
Helpful
4
Replies

VACL & VMware

Go to solution
fromthesky
Level 1
Level 1

‎07-01-2012 01:52 AM - edited ‎03-07-2019 07:32 AM

Hi,

I would like to implement VLAN ACL on a layer 3 switch for filtering traffic between servers in the same VLAN. I have a doubt: I have several virtual server in this VLAN and I wonder if the VMware virtual switch will allow the virtual servers to bypass the VACL. Do you have any experience with this kind of implementation?

Thanks,

Matteo

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Brian Morrissey
Cisco Employee
Cisco Employee

‎07-01-2012 07:55 AM

Hi Matteo,

With a standard VMware vswitch the virtual servers will still be allowed to talk to each other.  To filter traffic within the same vlan you would need to use a solution like the nexus 1000v and pvlans.

http://www.vmware.com/files/pdf/technology/cisco_vmware_virtualizing_the_datacenter.pdf

View solution in original post

0 Helpful

Go to solution
Brian Morrissey
Cisco Employee
Cisco Employee
In response to fromthesky

‎07-01-2012 01:21 PM

Hi Matteo,

Correct, if the VACL is defined only on the distribution switch and the servers are connected to the same access switch the traffic wouldn't be filtered unless the VACL was defined on the access switch too.  Here is a good doc on the placement of VACLs http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swacl.html#wp1600472

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Brian Morrissey
Cisco Employee
Cisco Employee

‎07-01-2012 07:55 AM

Hi Matteo,

With a standard VMware vswitch the virtual servers will still be allowed to talk to each other.  To filter traffic within the same vlan you would need to use a solution like the nexus 1000v and pvlans.

http://www.vmware.com/files/pdf/technology/cisco_vmware_virtualizing_the_datacenter.pdf

0 Helpful

Go to solution
fromthesky
Level 1
Level 1
In response to Brian Morrissey

‎07-01-2012 12:23 PM

Thank you Brian. Just another question. Suppose to have a VACL applied on VLAN 10 the distribution and two servers in VLAN 10 connected to the same access switch. In this case, would the traffic between the two servers be filtered by the VACL? I would say no, but therefore when would the VACLs be applied effectively?

0 Helpful

Go to solution
Brian Morrissey
Cisco Employee
Cisco Employee
In response to fromthesky

‎07-01-2012 01:21 PM

Hi Matteo,

Correct, if the VACL is defined only on the distribution switch and the servers are connected to the same access switch the traffic wouldn't be filtered unless the VACL was defined on the access switch too.  Here is a good doc on the placement of VACLs http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swacl.html#wp1600472

0 Helpful

Go to solution
fromthesky
Level 1
Level 1
In response to Brian Morrissey

‎07-03-2012 01:44 AM

Thanks.

Matteo

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card