RE: ACL on SVI

From: nobody@lockdown.nu
Date: Wed Mar 01 2006 - 17:40:28 GMT-3


Hi Venkatesh, the way I understand it is that if the source host is on
VLAN100 and the switch B's SVI interface is the default gateway for these
hosts, then you would need to apply an inbound extended ACL to filter
traffic on switch B.

If the default gateway is switch A's SVI, then the ACL would need to be on
A.

Outbound ACLs are less efficient, as the switch will have to route then
filter; inbound, the switch just filters - less processing.

Cheers, Steve

 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Schulz, Dave
Sent: 02 March 2006 20:27
To: Venkatesh Palani; ccielab@groupstudy.com
Subject: RE: ACL on SVI

Venkatesh - I believe that you will need to use a vlan filter, if you
want to filter this traffic within the vlan.

Dave Schulz,
Email: dschulz@dpsciences.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Venkatesh Palani
Sent: Thursday, March 02, 2006 12:08 PM
To: ccielab@groupstudy.com
Subject: ACL on SVI

Hi Guys,

I got confused with applying an ACL on to a SVI. Say I have two switches,
A and B, and there is a trunk that permits vlan 100 between them, and each
of the switches has a SVI for this VLAN, say switch A's SVI ip address is
10.0.0.1/24 and switch B SVI's IP address is 10.0.0.2/24. Added to this,
switch A connects to the rest of the network. If I want to filter traffic
from some hosts on vlan 100 on switch B to a specific destination in the
network, is it appropriate for me to apply an extended ACL on switch B's
SVI with outward direction?

The reason for this confusion is that with a physical or logical interface
it is easy to say inside and outside in reference to the router CPU, but
with a SVI the inside/outside can be seen in two different ways...

Any help is appreciated.

Thank you,
venkatesh
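
The two approaches suggested in this thread, written out as an added configuration example (not part of any message above). It assumes Catalyst-style IOS syntax and that the VLAN 100 hosts use switch B's SVI (10.0.0.2) as their default gateway; the ACL and access-map names, the host 10.0.0.50 and the destination 192.0.2.10 are constructed sample values.

```cisco
! --- Switch B: inbound extended ACL on the SVI ---------------------------
! Traffic from VLAN 100 hosts to their gateway enters interface Vlan100,
! so "in" on the SVI filters it before the routing decision.
! 10.0.0.50 and 192.0.2.10 are constructed sample addresses.
ip access-list extended VLAN100-IN
 deny   ip host 10.0.0.50 host 192.0.2.10
 permit ip any any
!
interface Vlan100
 ip address 10.0.0.2 255.255.255.0
 ip access-group VLAN100-IN in
!
! --- Alternative: VLAN filter (VACL) -------------------------------------
! A VLAN access-map applies to packets in VLAN 100 whether they are bridged
! or routed, so it does not depend on which SVI is the default gateway.
! In the match ACL, "permit" means "select this traffic for the map action".
ip access-list extended VLAN100-MATCH
 permit ip host 10.0.0.50 host 192.0.2.10
!
vlan access-map VLAN100-FILTER 10
 match ip address VLAN100-MATCH
 action drop
vlan access-map VLAN100-FILTER 20
 action forward
!
vlan filter VLAN100-FILTER vlan-list 100
```

If the hosts' default gateway is switch A's SVI instead, the first form moves to switch A's interface Vlan100 unchanged apart from the IP address.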



This archive was generated by hypermail 2.1.4 : Sat Apr 01 2006 - 10:07:37 GMT-3