  1. Junior Member
    Join Date
    Jul 2016
    Location
    Switzerland
    Posts
    7

    Certifications
    CCNA R&S
    #1

    ACL and VACL Question Why?

    Hey guys,

    I don't quite get why ACLs can filter traffic travelling between vlans but not traffic from one host to another in the same vlan?

    Maybe I'm missing something basic here..

    Can someone explain it to me again?

    Would be appreciated! Thanks
  3. Went to the dark side.... Moderator networker050184's Avatar
    Join Date
    Jul 2007
    Posts
    11,680

    Certifications
    CCNA, CCNP, CCIP, JNCIA-JUNOS, JNCIS-SP, JNCIP-SP, MCA200
    #2
    Where would you place that ACL to have it filter between hosts in the same VLAN? You could do port based, but then you need to apply that ACL to every single port in the VLAN....
    An expert is a man who has made all the mistakes which can be made.

  4. Junior Member
    Join Date
    Jul 2016
    Location
    Switzerland
    Posts
    7

    Certifications
    CCNA R&S
    #3
    Quote Originally Posted by networker050184:
    Where would you place that ACL to have it filter between hosts in the same VLAN? You could do port based, but then you need to apply that ACL to every single port in the VLAN....
    So ACLs can't filter traffic from one host to another in the same vlan because they just don't support the function? That's the only reason? Is there no "logical" background reason I'm missing?
    Maybe I'm just confused lol

  5. Went to the dark side.... Moderator networker050184's Avatar
    Join Date
    Jul 2007
    Posts
    11,680

    Certifications
    CCNA, CCNP, CCIP, JNCIA-JUNOS, JNCIS-SP, JNCIP-SP, MCA200
    #4
    ACLs can support this function yes, but you have to apply an ACL somewhere. You could put the ACL on the ports (port based ACLs are not supported on all devices) or you can use a VACL and only do the config once.

  6. Junior Member
    Join Date
    Jul 2016
    Location
    Switzerland
    Posts
    7

    Certifications
    CCNA R&S
    #5
    Quote Originally Posted by networker050184:
    ACLs can support this function yes, but you have to apply an ACL somewhere. You could put the ACL on the ports (port based ACLs are not supported on all devices) or you can use a VACL and only do the config once.
    Thanks for the explanation but it's not exactly what I was looking for.
    But I found the answer somewhere else.

    An ACL is on layer 3, a vlan is on layer 2.
    So a host sending in the same vlan doesn't need to go to the default gateway because it's on layer 2.
    That was what i was missing!
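    The two points made in posts #4 and #5 side by side, as an added example that is not from any poster: a router ACL on the SVI only ever sees traffic that is routed through the gateway, while a VACL is applied to the VLAN itself and therefore also catches host-to-host traffic bridged inside it. Topology, addresses and ACL names are constructed for illustration; the VACL commands are Catalyst IOS syntax and, as post #4 notes for port ACLs, are not available on every platform.

    ```cisco
    ! Constructed topology (assumption, not from the thread):
    ! VLAN 10 = 10.0.10.0/24, SVI 10.0.10.1 is the default gateway
    ! Host A 10.0.10.11 and host B 10.0.10.12 are both in VLAN 10
    ! Host C 10.0.20.12 is in VLAN 20 (10.0.20.0/24)

    ! --- Router ACL on the SVI: only routed (inter-VLAN) traffic passes here ---
    ip access-list extended BLOCK-A-TO-C
     deny   ip host 10.0.10.11 host 10.0.20.12
     permit ip any any
    !
    interface Vlan10
     ip address 10.0.10.1 255.255.255.0
     ip access-group BLOCK-A-TO-C in
    ! A -> C is routed via 10.0.10.1 and is dropped by BLOCK-A-TO-C.
    ! A -> B stays in VLAN 10, is switched at layer 2, never reaches
    ! the SVI, and is therefore NOT filtered by this ACL.

    ! --- VACL: applied to the VLAN, so bridged traffic is matched too ---
    ip access-list extended A-TO-B
     permit ip host 10.0.10.11 host 10.0.10.12
    !
    vlan access-map VLAN10-FILTER 10
     match ip address A-TO-B
     action drop
    vlan access-map VLAN10-FILTER 20
     action forward
    !
    vlan filter VLAN10-FILTER vlan-list 10
    ! A -> B is now dropped inside VLAN 10; sequence 20 forwards everything else.
    ! Note: in a VACL the "permit" entries of the matched ACL define what the
    ! action applies to, so A-TO-B must permit, not deny, the pair to be dropped.

    ! Checks after applying:
    ! show vlan access-map
    ! show vlan filter
    ! show ip access-lists BLOCK-A-TO-C
    ```

    Without the final `action forward` entry, traffic not matched by any sequence of the access-map is dropped, which is the usual way to lock a whole VLAN out by accident.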
