Cisco Support Community

VACL or ACL?

I don't know much about VACLs so I want to pose this question. I have a server on a VLAN that only needs to be accessed by a few servers on another VLAN. I want to block traffic from all servers and workstations with the exception of those few. My question is: would it be better to use a VACL or an ACL? Are VACLs more efficient than ACLs because they use Layer 2? I know how to build an ACL but not a VACL for this situation. The reason for this is security. Any help would be great.

1 REPLY

Re: VACL or ACL?

VACLs apply to *all* traffic going through the VLAN they are applied to (both inbound and outbound).

Compared to an ACL on the router, ACLs are inbound and/or outbound on an interface basis and filtering is done when routing between subnets.

VACLs apply to all ports in a VLAN so someone in that VLAN could be denied access to a resource in the same VLAN without touching a router.

If you have a newer switch (6000 series) with an MSFC and a PFC then the speed difference shouldn't be a factor, since both ACLs and VACLs are run in the ASICs.
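The two options discussed in this thread, side by side, as an added example that is not part of the original posts. It assumes Cisco IOS syntax on the switch; the VLAN numbers, IP addresses and ACL/map names are all constructed for illustration.

```cisco
! Constructed scenario: protected server 10.1.10.5 in VLAN 10,
! permitted peers 10.1.20.11 and 10.1.20.12 in VLAN 20.

! --- Option A: router ACL on the VLAN 10 SVI -------------------------
! Filters only traffic ROUTED into VLAN 10. Hosts already inside
! VLAN 10 reach the server at Layer 2 and never hit this ACL.
ip access-list extended TO-VLAN10
 permit ip host 10.1.20.11 host 10.1.10.5
 permit ip host 10.1.20.12 host 10.1.10.5
 deny   ip any host 10.1.10.5
 permit ip any any
!
interface Vlan10
 ip access-group TO-VLAN10 out

! --- Option B: VACL on VLAN 10 ---------------------------------------
! Applies to every packet in the VLAN, bridged or routed, with no
! direction. Inside a VACL, "permit" in the ACL means "match"; the
! access-map action decides forward or drop. Because there is no
! direction, the server's replies must be matched explicitly.
ip access-list extended SRV-ALLOWED
 permit ip host 10.1.20.11 host 10.1.10.5
 permit ip host 10.1.20.12 host 10.1.10.5
 permit ip host 10.1.10.5 host 10.1.20.11
 permit ip host 10.1.10.5 host 10.1.20.12
!
ip access-list extended SRV-ANY
 permit ip any host 10.1.10.5
 permit ip host 10.1.10.5 any
!
vlan access-map PROTECT-SRV 10
 match ip address SRV-ALLOWED
 action forward
vlan access-map PROTECT-SRV 20
 match ip address SRV-ANY
 action drop
! No match clause: everything else in the VLAN is forwarded.
vlan access-map PROTECT-SRV 30
 action forward
!
vlan filter PROTECT-SRV vlan-list 10
```

Option B also blocks workstations that sit in the same VLAN as the server, which Option A cannot do. Sequence 20 also drops any other IP traffic to or from the server, so management, DNS or backup flows it needs have to be added to SRV-ALLOWED before the filter is applied.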
