Re: VACL vs ACL

From: Tolulope Ogunsina (togunsina@gmail.com)
Date: Wed Mar 18 2009 - 08:26:33 ART


When an access-list is applied to an SVI, it only matches traffic
routed THROUGH the SVI. On the other hand, traffic within VLANs doesn't
necessarily pass through the SVI, so ACLs applied to SVIs are not
adequate to match such traffic. VLAN access-maps are designed to do
just that.
So by design, they perform entirely different functions.

HTH,

On 3/18/09, Dale Shaw <dale.shaw@gmail.com> wrote:
> Hi,
>
> On Wed, Mar 18, 2009 at 9:09 PM, Salahaddin Elshekeil
> <salah.elshekeil@gmail.com> wrote:
>> mmm so there is no difference?!!
>
> No, they're not the same at all. One key difference is that VLAN maps
> also allow you to filter traffic bridged _within_ a VLAN in the
> switch.
>
> The implementation is very different, too. One example is that VLAN
> maps are "directionless" -- there is no concept of 'in' or 'out'.
>
> Lots of docs on this, so I won't waste everyone's time by reproducing it
> here.
>
> Cheers,
> Dale
>
>> On Wed, Mar 18, 2009 at 1:08 PM, Sadiq Yakasai <sadiqtanko@gmail.com>
>> wrote:
>>
>>> I believe they do the same thing if the platform supports it. Only
>>> problem is, not all platforms support ACL on SVIs!
>>>
>>> On Wed, Mar 18, 2009 at 9:45 AM, Marc La Porte
>>> <marc.a.laporte@gmail.com> wrote:
>>>
>>>> I believe it has to do with either IP only or not
>>>>
>>>> On Wed, Mar 18, 2009 at 10:37, Salahaddin Elshekeil
>>>> <salah.elshekeil@gmail.com> wrote:
>>>> > Hi experts,
>>>> >
>>>> > Please can anyone clarify the difference between the VACL and the
>>>> > ACL in the SVI?
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

-- 
Best Regards,

Tolulope.
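
The difference described in this thread, as an added configuration sketch (not posted by anyone in the thread) for a Catalyst-style IOS switch: the same filtering goal attempted first with a router ACL on the SVI and then with a VLAN access-map. VLAN 10, the 10.1.10.0/24 subnet and all ACL and map names are assumptions.

```cisco
! Constructed example: VLAN 10 carries 10.1.10.0/24, SVI is interface Vlan10.
! Goal: stop hosts in VLAN 10 from opening Telnet sessions to each other.

! --- Router ACL on the SVI ---
ip access-list extended NO-TELNET-RACL
 deny   tcp 10.1.10.0 0.0.0.255 10.1.10.0 0.0.0.255 eq telnet
 permit ip any any
!
interface Vlan10
 ip access-group NO-TELNET-RACL in
!
! Host-to-host traffic inside VLAN 10 is bridged and never enters Vlan10,
! so the deny line above is not evaluated for it. The ACL only sees
! packets that are routed through the SVI.

! --- VLAN map on VLAN 10 ---
! In an ACL referenced by a VLAN map, "permit" means "select this traffic";
! whether it is dropped or forwarded is decided by the map's action.
ip access-list extended INTRA-VLAN-TELNET
 permit tcp 10.1.10.0 0.0.0.255 10.1.10.0 0.0.0.255 eq telnet
!
vlan access-map VLAN10-FILTER 10
 match ip address INTRA-VLAN-TELNET
 action drop
!
! Catch-all clause: without it, IP packets that match no clause are dropped
! once the map contains an IP match clause.
vlan access-map VLAN10-FILTER 20
 action forward
!
! No "in" or "out" keyword: the map applies to every packet in the VLAN,
! bridged or routed.
vlan filter VLAN10-FILTER vlan-list 10
```

`show vlan access-map` and `show vlan filter` confirm the map contents and the VLANs it is attached to.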

This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:05 ART