Apply access-list to VLAN or to VLAN-interface

  • 1.  Apply access-list to VLAN or to VLAN-interface

    Posted Nov 27, 2023 02:43 AM
    Edited by lanman Nov 27, 2023 02:43 AM

    Hi,

    Using the AOS-CX operating system, there are 2 ways to apply ACLs to VLANs:

    in the VLAN interface context: apply access-list ip NAME routed-in

    OR

    in the VLAN context: apply access-list ip NAME in

    Can anyone explain what the difference is? My guess is that to apply ACLs between VLANs I should probably apply them on the VLAN interface.

    Regards,

    Steven



  • 2.  RE: Apply access-list to VLAN or to VLAN-interface

    Posted Mar 18, 2025 01:10 PM

    Hello,

    In the VLAN context you can also use MAC-based ACLs to regulate L2 traffic.
    In the interface VLAN context, you will typically filter only routed traffic.
    Check this: AOS-CX 10.13 ACLs and Classifier Policies Guide for 6300, 6400, 8360 Switches

    (config)# interface vlan 20
    (config-if-vlan)# apply access-list
      ip    Internet Protocol v4 (IPv4)
      ipv6  Internet Protocol v6 (IPv6)
    (config-if-vlan)# apply access-list ip
      NAME  The ACL name (maximum 64 characters)
    (config-if-vlan)# apply access-list ip aa
      routed-in   Routed inbound (ingress) traffic
      routed-out  Routed outbound (egress) traffic
    
    VS
    
    (config)# vlan 20
    (config-vlan-20)# apply access-list
      ip    Internet Protocol v4 (IPv4)
      ipv6  Internet Protocol v6 (IPv6)
      mac   Ethernet MAC Protocol (MAC)
    (config-vlan-20)# apply access-list ip aa
      in   Inbound (ingress) traffic
      out  Outbound (egress) traffic
    
    


    ------------------------------
    Best regards, mom
    ------------------------------
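To make the difference between the two contexts concrete, here is a constructed AOS-CX configuration fragment (added here; not the poster's code and not taken from the guide) showing the same IPv4 ACL applied once as `routed-in` on the VLAN interface and once as `in` on the VLAN itself. The ACL name, VLAN IDs and subnets are assumptions for illustration.

```text
! Constructed example. Assumptions: VLAN 10 = servers 10.10.0.0/24,
! VLAN 20 = guests 10.20.0.0/24, ACL name GUEST-ROUTED.
access-list ip GUEST-ROUTED
    10 deny any 10.20.0.0/24 10.10.0.0/24
    20 permit any any any
!
! Option A: interface VLAN context, routed-in.
! Only packets the switch routes out of VLAN 20 (destined to another
! subnet) are evaluated here. Bridged guest-to-guest frames inside
! VLAN 20 never pass through this ACL, so ACE 10 blocks guest -> server
! routing and nothing else.
interface vlan 20
    ip address 10.20.0.1/24
    apply access-list ip GUEST-ROUTED routed-in
!
! Option B: VLAN context, in.
! The same ACL is now evaluated on every IPv4 frame entering the switch
! on VLAN 20 ports, bridged or routed. ACE 20 still permits intra-VLAN
! traffic, but a narrower ACL in this context would also cut
! guest-to-guest and guest-to-gateway frames. This is also the only
! context where a MAC ACL (apply access-list mac ...) can be applied.
vlan 20
    apply access-list ip GUEST-ROUTED in
```

Options A and B are alternatives; pick the VLAN context when the goal is to filter switched (L2) traffic on the VLAN's ports, and the VLAN interface context when only inter-VLAN routed traffic should be filtered.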