11-4. VLAN Access Control Lists

• Access control lists (ACL) define how traffic is to be handled as it passes through a network device.

• ACLs use addressing and port information to control conversations.

• ACLs are typically implemented in routers, but new hardware enables Layer 2 and Layer 3 switches to consult the list before passing the packet.

• ACLs enable users to configure any switch to control traffic based on Layer 3 and above of the OSI reference model.

• These ACLs are mapped to a VLAN or a Layer 2 port to control traffic flows.

• VACLs are controlled in hardware and are not supported on all platforms.

• Currently VACLs are supported on the 6500, 4500, 3560, and 3750 series switches.

The VLAN ACL (VACL) is an ACL that specifies traffic parameters based on Layer 3 and above information that is applied to a Layer 2 VLAN or in some instances a Layer 2 interface. These lists offer a benefit over traditional router access lists of being applied in hardware and, therefore, being faster than traditional ACLs. They also add the capability to filter traffic within an IP subnet and beyond the IP subnet. Although the functionality is the same between operating systems, the configuration differs. This section is divided into two parts. The set of commands specifies the VACL configuration on IOS devices that support VACLs. Use the steps in each section to configure and apply VACLs on your switch. These steps apply to only IP VACLs because this is a protocol that is supported for all the platforms listed. It is possible to configure IPX VACLs for some platforms. Although the syntax and process are the same, the protocol options differ for IPX.