I think, if you configure VACL then only permitted traffic will be allowed
to exist in the vlan and when it hits the vlan interface then it should be
filtered accordingly. Means that first traffic will have to be allowed to
exist in the vlan (by using VACL) and once it will hit the L3 vlan interface
then L3 traffic will be filtered as per ACL used in access-group.
On Thu, Apr 9, 2009 at 10:17 AM, Ryan West <rwest_at_zyedge.com> wrote:
> Jack,
>
> I think you can only use RACLs with SVIs, you could still use a vlan filter
> to pull in your mac access-list or apply the mac access-list to all the
> ports you want to filter.
>
> -ryan
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Jack Tsai
> Sent: Thursday, April 09, 2009 9:59 AM
> To: Cisco certification
> Subject: MAC access-list co-exist with IP access-list in the same direction
>
> There exists an IP access-list into an SVI vlan as follows:
> ip access-g in TRA
>
> Can I add a MAC access-list into the same vlan (same direction)?
>
> Thanks,
> Jack
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Fri Apr 10 2009 - 12:55:35 ART
This archive was generated by hypermail 2.2.0 : Mon May 04 2009 - 07:39:11 ART