Re: VACL vs ACL

From: Sadiq Yakasai (sadiqtanko@gmail.com)
Date: Wed Mar 18 2009 - 08:41:11 ART


I overlooked local traffic on a VLAN, which would not pass over an SVI. As
for the question of direction, it is implicit in the ACL the VACL matches
though, right Dale?

On Wed, Mar 18, 2009 at 11:26 AM, Tolulope Ogunsina <togunsina@gmail.com> wrote:

> When an access-list is applied to an SVI, it only matches traffic
> routed THROUGH the SVI. On the other hand, traffic within VLANs doesn't
> necessarily pass through the SVI, so ACLs applied to SVIs are not
> adequate to match such traffic. VLAN access-maps are designed to do
> just that.
> So by design, they perform entirely different functions.
>
>
> HTH,
>
> On 3/18/09, Dale Shaw <dale.shaw@gmail.com> wrote:
> > Hi,
> >
> > On Wed, Mar 18, 2009 at 9:09 PM, Salahaddin Elshekeil
> > <salah.elshekeil@gmail.com> wrote:
> >> mmm so there is no difference?!!
> >
> > No, they're not the same at all. One key difference is that VLAN maps
> > also allow you to filter traffic bridged _within_ a VLAN in the
> > switch.
> >
> > The implementation is very different, too. One example is that VLAN
> > maps are "directionless" -- there is no concept of 'in' or 'out'.
> >
> > Lots of docs on this, so I won't waste everyone's time by reproducing it
> > here.
> >
> > Cheers,
> > Dale
> >
> >> On Wed, Mar 18, 2009 at 1:08 PM, Sadiq Yakasai <sadiqtanko@gmail.com> wrote:
> >>
> >>> I believe they do the same thing if the platform supports it. Only
> >>> problem is, not all platforms support ACL on SVIs!
> >>>
> >>> On Wed, Mar 18, 2009 at 9:45 AM, Marc La Porte <marc.a.laporte@gmail.com> wrote:
> >>>
> >>>> I believe it has to do with either IP only or not
> >>>>
> >>>> On Wed, Mar 18, 2009 at 10:37, Salahaddin Elshekeil
> >>>> <salah.elshekeil@gmail.com> wrote:
> >>>> > Hi experts,
> >>>> >
> >>>> > Please can anyone clarify the difference between the VACL and the ACL
> >>>> > in the SVI?
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> --
> Best Regards,
>
> Tolulope.
>

-- 
CCIE #19963
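
The difference discussed in this thread, as an added configuration sketch that is not part of any poster's message: an ACL on the SVI next to a VLAN map for the same VLAN, in Catalyst IOS syntax. VLAN 10, the 10.1.10.0/24 and 10.1.20.0/24 subnets, the host addresses and the names SVI10-IN, V10-PEER-BLOCK and V10-MAP are all constructed for illustration.

```cisco
! Constructed example: VLAN 10 = 10.1.10.0/24; all names and addresses are hypothetical.
!
! --- ACL on the SVI: sees only packets routed through interface Vlan10 ---
ip access-list extended SVI10-IN
 deny   ip host 10.1.10.5 10.1.20.0 0.0.0.255
 permit ip any any
!
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
 ip access-group SVI10-IN in
! 10.1.10.5 -> 10.1.10.6 is bridged inside VLAN 10, never reaches the SVI,
! and is therefore not filtered by SVI10-IN.
!
! --- VLAN map: sees every packet in VLAN 10, bridged or routed ---
! Inside a VLAN map, "permit" in the ACL means "match"; the map action decides.
! No in/out keyword exists, so both source/destination orderings are listed.
ip access-list extended V10-PEER-BLOCK
 permit ip host 10.1.10.5 host 10.1.10.6
 permit ip host 10.1.10.6 host 10.1.10.5
!
vlan access-map V10-MAP 10
 match ip address V10-PEER-BLOCK
 action drop
! Sequence 20 has no match clause, so it forwards everything else.
vlan access-map V10-MAP 20
 action forward
!
vlan filter V10-MAP vlan-list 10
```

Without the catch-all sequence 20, IP packets that match no entry in the map are dropped, so the final forward entry is what keeps the rest of VLAN 10 working.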


This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:05 ART