From: Rich Collins (nilsi2002@gmail.com)
Date: Thu Dec 13 2007 - 20:37:58 ART
Yes a VACL provides some granularity for what gets filtered. You have to
understand the actions forward and discard and the proper order. This is
not always as intuitive as normal layer3 access lists.
On Dec 13, 2007 8:56 AM, Joseph Saad <joseph.samir.saad@gmail.com> wrote:
> Private Vlan can work across multiple switches. VACL's work on the same
> switch only.
>
> I'd suggest that you go through config guide for both Private VLAN and
> Switch Access list of the 3560.
>
> Joseph.
> On Dec 13, 2007 5:09 PM, Dane Newman <dnewman@datasc.com> wrote:
>
> > Can someone explain when to use each in different situations?
> >
> > From what I understand private vlans are used to prevent hosts from
> > communicating with each other in the same vlan. We can put them in
> > communities so they an talk to each other in the same community and the
> > primary vlan or isolate them so they can only talk to the primary vlan.
> >
> > From what I understand we can use the vlan filter command to attach a
> vlan
> > access-map to the vlan which works like a route map doing top down
> > matching
> > till it finds a hit.
> >
> > It strikes me we can use them both to accomplish the same goals if Im
> not
> > wrong but you can be more specific in what kind of traffic can
> communicate
> > with the VACL? Is this a ok assumption to say we need to use VACL if we
> > want to match specific traffic ? I'm just alittle confused when to pick
> > what method? Can someone clarify when to use what?
> >
> > Dane
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Jan 01 2008 - 12:04:30 ARST