Re: VLAN map ACL

From: Erick B. (erickbe@yahoo.com)
Date: Thu Nov 07 2002 - 04:02:47 GMT-3

• Next message: ÕŽ¨ÐÇ: "How to configure the dialer-list?"
• Previous message: miken: "Re: Compress IOS image"
• Maybe in reply to: Donny MATEO: "VLAN map ACL"
• Next in thread: Vijay S Jayaraman: "Re: VLAN map ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Vijay,

You're right. The VACL might need to be more extensive
since it's for both directions. It depends on what
you're filtering...

--- Vijay S Jayaraman <vjayaram@in.ibm.com> wrote:
>
> My idea is the absolute source and destination of
> the packet will have to
> be maintained in the VACL.....
>
> But the VACL cannot be applied on an interface like
> an IP ACL which will
> filter traffic based on in and out mentioned in the
> ip access-group
> command......
> i.e filtering cannot be done based on direction of
> traffic on the
> interface......
>
> Regards,
> Vijay.
>
>
>
>
>
>
>
>
> "Erick B."
>
>
> <erickbe@yahoo.co To:
> Donny MATEO <donny.mateo@sg.ca-indosuez.com>,
> ccielab@groupstudy.com
> m> cc:
>
>
> Sent by:
> Subject: Re: VLAN map ACL
>
> nobody@groupstudy
>
>
> .com
>
>
>
>
>
>
>
>
> 11/07/2002 10:41
>
>
> AM
>
>
> Please respond to
>
>
> "Erick B."
>
>
>
>
>
>
>
>
>
>
>
> I'm presuming it works similar to 6500 VACLs...
>
> VACLs are applied to VLAN in both directions (no in
> or
> out option) but the source / destination address in
> the access-list isn't interchangable - its just like
> any other access-list configuration. Lets say your
> access-list denys any to IP host 1.2.3.4. Any
> traffic
> coming in or out of the VLAN where VACL is applied
> will be denied access to host 1.2.3.4.
>
> Erick B.
> CCNP, NNCSE
>
> --- Donny MATEO <donny.mateo@sg.ca-indosuez.com>
> wrote:
> > Hi All,
> >
> > if I remember correctly the VLAN map feature will
> > filter traffic in both direction (inbound and
> > outbound).
> > So the source / destination sequence on the IP ACL
> > can be put interchangeably ?
> > Am I correct on my assumption ? ( I have not got a
> > hand on the 3550, so I can't test it right now).
> >
> > tks
> > Donny
>
>
> __________________________________________________
> Do you Yahoo!?
> U2 on LAUNCH - Exclusive greatest hits videos
> http://launch.yahoo.com/u2
>
>
>
>

• Next message: ÕŽ¨ÐÇ: "How to configure the dialer-list?"
• Previous message: miken: "Re: Compress IOS image"
• Maybe in reply to: Donny MATEO: "VLAN map ACL"
• Next in thread: Vijay S Jayaraman: "Re: VLAN map ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:22:54 GMT-3