Cisco Support Community
Community Member

VACL vs Access-Group

I was doing some lab scenarios this afternoon with a couple of layer 3 switches and realized that I can build an access list and apply it to a VLAN interface. Since that is the case, what is the logic behind using VACLs?

4 REPLIES

Re: VACL vs Access-Group

Hi Jason,

VACLs can also be used for bridged traffic in a VLAN.

The following link may give you a good explanation of the relationship between IOS ACLs and VACLs, the sequence in which they are processed for routed and bridged traffic, etc.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/vacl.html

Cheers,

Istvan
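The bridged-versus-routed distinction from the reply above, shown as an added configuration example that is not part of the original thread. The VLAN number, addresses and the ACL and access-map names are constructed for illustration.

```cisco
! Constructed lab values: VLAN 10, subnet 10.10.10.0/24,
! hosts 10.10.10.11 and 10.10.10.12 both in VLAN 10.
!
! --- Router ACL on the SVI (access-group) ---
! Applies only to packets routed through interface Vlan10.
! Traffic between .11 and .12 is bridged inside VLAN 10 and
! never crosses the SVI, so this deny entry is never evaluated for it.
ip access-list extended SVI10-IN
 deny   ip host 10.10.10.11 host 10.10.10.12
 permit ip any any
!
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ip access-group SVI10-IN in
!
! --- VACL (VLAN access map) ---
! Applies to every packet in VLAN 10, bridged or routed.
! In the match ACL, "permit" means "select this traffic";
! the access-map action decides whether it is dropped or forwarded.
ip access-list extended HOST-TO-HOST
 permit ip host 10.10.10.11 host 10.10.10.12
!
vlan access-map VLAN10-FILTER 10
 match ip address HOST-TO-HOST
 action drop
! Final sequence with no match clause forwards everything else;
! without it, unmatched IP traffic in the VLAN is dropped.
vlan access-map VLAN10-FILTER 20
 action forward
!
vlan filter VLAN10-FILTER vlan-list 10
```

A VACL has no direction, so it filters the matched traffic both entering and leaving the VLAN; `show vlan access-map` and `show vlan filter` confirm what is applied.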

Hall of Fame Super Bronze

Re: VACL vs Access-Group

VACLs are processed in hardware in Catalyst switches, hence they don't take any CPU cycles. You can run multiple VACLs without affecting the switch utilization.

HTH,

__

Edison.

Re: VACL vs Access-Group

Edison,

Aren't the normal L3 ACLs also compiled in TCAMs and processed in hardware?

Narayan

Hall of Fame Super Bronze

Re: VACL vs Access-Group

I was referring mainly to how it is done in Cat6k, where you have an SP (Switch Processor) and an RP (Route Processor). The SP handles the VACL while the RP handles the L3 ACLs.

__

Edison.
