Cisco Support Community
Community Member

ACL's and VLan interfaces

I am trying to understand the boundaries of a VLAN on a given switch. When a packet is passed from VLAN int 1 to VLAN int 2 on the same switch, if VLAN 2 has an inbound ACL denying this packet, would it get acted upon in this manner, or does the ACL only get introduced if the packet enters a physical interface?

4 REPLIES

Re: ACL's and VLan interfaces

Hi

Yeah, this will have the same effect as when applied to a physical interface.

Thanks

Mahmood

Community Member

Re: ACL's and VLan interfaces

Thanks for the reply.

If that is the case, then does it mean that if my packet originates on access switch 1 (VLAN 1), is passed to distribution switch 1 where the VLAN interfaces are located (and thus the ACLs), and gets passed to VLAN interface 2 and out to access switch 2 (VLAN 2), this packet would have to pass 2 inbound ACLs? One for VLAN 1 on the physical ingress port and one for VLAN 2 on the logical VLAN interface 2?

Re: ACL's and VLan interfaces

Hi

If one more access-list is defined at the vlan2 interface then sure it has to pass through it.

Thanks

Mahmood

Silver

Re: ACL's and VLan interfaces

A packet coming into a device from one interface and going out another interface does not pass two 'inbound' ACLs. It can pass two ACLs but one will be inbound and one will be outbound.

The situation is no different when you are using logical interfaces like SVI (L3 VLAN interfaces). In your case if you have an ACL defined inbound on VLAN 1 in the distribution switch then the packets coming into VLAN1 will be subject to inspection against the rules of this ACL. However, if there is no outbound ACL for VLAN 2 then packets leaving the distribution switch and going out of VLAN 2 to switch 2 will not be subject to any ACLs.

The concept of inbound and outbound is the same for both physical interfaces and logical interfaces.
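The inbound and outbound placement described in the last reply, as an added example that is not part of any post in this thread: a Cisco IOS configuration sketch for the distribution switch. The subnets, SVI addresses and ACL names are constructed for illustration.

```cisco
! Constructed addressing (assumption): VLAN 1 = 10.1.1.0/24, VLAN 2 = 10.1.2.0/24
!
! Option A: filter on ingress to the source SVI.
! Packets from VLAN 1 hosts are checked as they enter interface Vlan1,
! before the routing decision toward VLAN 2 is made.
ip access-list extended VLAN1-IN
 deny   ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
 permit ip any any
!
interface Vlan1
 ip address 10.1.1.1 255.255.255.0
 ip access-group VLAN1-IN in
!
! Option B: filter on egress from the destination SVI.
! The same VLAN 1 -> VLAN 2 packets are checked after routing,
! as they leave interface Vlan2 toward access switch 2.
ip access-list extended VLAN2-OUT
 deny   ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
 permit ip any any
!
interface Vlan2
 ip address 10.1.2.1 255.255.255.0
 ip access-group VLAN2-OUT out
!
! An ACL applied "in" on interface Vlan2 is evaluated only for packets
! arriving from VLAN 2 hosts (source 10.1.2.0/24 in this sketch), so it
! does not see VLAN 1 -> VLAN 2 traffic; that flow meets at most one
! inbound ACL (on Vlan1) and one outbound ACL (on Vlan2).
!
! Verification from exec mode:
!   show ip interface Vlan1 | include access list
!   show ip access-lists VLAN1-IN
! The first shows which ACL is bound in each direction; the second shows
! per-entry match counters that increase when the deny line is hit.
```

Applying both options at once is valid but redundant for this flow; either one alone blocks VLAN 1 to VLAN 2 traffic.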
