From: Vijay S Jayaraman (vjayaram@in.ibm.com)
Date: Thu Nov 07 2002 - 03:32:04 GMT-3
My idea is the absolute source and destination of the packet will have to
be maintained in the VACL.....
But the VACL cannot be applied on an interface like an IP ACL which will
filter traffic based on in and out mentioned in the ip access-group
command......
i.e filtering cannot be done based on direction of traffic on the
interface......
Regards,
Vijay.
"Erick B."
<erickbe@yahoo.co To: Donny MATEO <donny.mateo@sg.ca-indosuez.com>, ccielab@groupstudy.com
m> cc:
Sent by: Subject: Re: VLAN map ACL
nobody@groupstudy
.com
11/07/2002 10:41
AM
Please respond to
"Erick B."
I'm presuming it works similar to 6500 VACLs...
VACLs are applied to VLAN in both directions (no in or
out option) but the source / destination address in
the access-list isn't interchangable - its just like
any other access-list configuration. Lets say your
access-list denys any to IP host 1.2.3.4. Any traffic
coming in or out of the VLAN where VACL is applied
will be denied access to host 1.2.3.4.
Erick B.
CCNP, NNCSE
--- Donny MATEO <donny.mateo@sg.ca-indosuez.com>
wrote:
> Hi All,
>
> if I remember correctly the VLAN map feature will
> filter traffic in both direction (inbound and
> outbound).
> So the source / destination sequence on the IP ACL
> can be put interchangeably ?
> Am I correct on my assumption ? ( I have not got a
> hand on the 3550, so I can't test it right now).
>
> tks
> Donny
This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:22:54 GMT-3