Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

vlan access lists

Hi all, with a vlan when I add an access list, how do I know which is in and out when applying it ?

3 REPLIES

Re: vlan access lists

I think vlan interface in L3 switch logically represents the physical interface that is a member of the configured vlan. Therefore the following;

interface vlan100

ip access-group 100 in

is ingress to all physical interface which is configured with vlan100

interface vlan100

ip access-group 101 out

is egress to all physical interface which is configured with vlan100

but wait for experts to reply :)

Green

Re: vlan access lists

^^ I'm no expert, but you are correct.

Cisco Employee

Re: vlan access lists

As mentioned the following are correct.

interface vlan1

ip access-group 1 in (indicates in)

interface vlan1

ip access-group 11 out (indicates out)

The case is different if its a VACL in that case the map is applied as soon as the frame reaches the switch(not the SVI).

let me know if this helps,if not pls clarify more on the question,

Rakesh

128
Views
8
Helpful
3
Replies
CreatePlease login to create content