RACL, VACL, and PACL: Many Types of ACLs

ACLs found on Ethernet switches often come in many shapes and forms, mostly because of the differences in hardware and software architectures on those platforms, but also because the functionality provided by ACLs has evolved over time. You are likely to come across three types of ACLs on an Ethernet switch:

• Router ACL (RACL). An IP-based ACL that is applied to a routed interface. It is the most common type of ACL. The ACL used in Example 16-1 is a RACL.

• VLAN ACL (VACL). Applies to traffic entering and leaving a VLAN. It is globally applied to all ports in a given VLAN. It can filter both on Layer 2 criteria (MAC addresses) and Layer 3 and 4 parameters, just like a RACL.

• Port-based ACL (PACL). A VACL applied to an individual switch port inside a VLAN.

Several switches also ship with options to perform more operations on packets than the standard permit/deny. For example, it is common for LAN switches to provide the capability to capture traffic matched by an ACL and send it to a capture port where a traffic analyzer resides. Another type of action is redirecting matching traffic from its incoming port to another port.

Table 16-1 summarizes the differences and nuances of the three ACL types, which are detailed in the following sections.

Table 16-1 VACL/RACL/PACL: Summary

| RACL | VACL | PACL |
|------|------|------|
| Permits or denies the movement of traffic between Layer 3 subnets | Permits or denies the movement of traffic between Layer 3 subnets/VLANs or within a VLAN | Permits or denies the movement of traffic between Layer 3 subnets/VLANs or within a VLAN |
| Applied as an input or output policy to a Layer 3 interface | Applied as a policy to a VLAN interface; inherently applied to both inbound and outbound traffic | Applied as a policy to a Layer 2 switch port interface; applied for inbound traffic only |
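
The three attachment points from Table 16-1, shown side by side on one switch as an added configuration sketch that is not from the original text. It assumes Cisco IOS syntax on a Catalyst-class multilayer switch; the ACL names, VLAN 10, the addresses and the interface numbers are constructed for illustration.

```cisco
! Added example. All names, addresses, VLAN and port numbers are constructed.

! ACL used as a RACL: filters routed traffic leaving the 10.10.10.0/24 subnet.
ip access-list extended RACL-VLAN10-IN
 permit tcp 10.10.10.0 0.0.0.255 host 10.20.20.80 eq 443
 deny   ip any any

! ACL used only as a match clause inside the VACL. Here "permit" means
! "this traffic matches"; the access map decides what happens to it.
ip access-list extended MATCH-TELNET
 permit tcp any any eq 23

! ACL used as a PACL: only the address assigned to this port may send IP.
! The implicit deny at the end drops any other source address.
ip access-list extended PACL-HOST25
 permit ip host 10.10.10.25 any

! RACL: applied to a routed (Layer 3) interface, with an explicit direction.
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ip access-group RACL-VLAN10-IN in

! VACL: applied to the VLAN as a whole, with no direction keyword.
! It sees traffic bridged within VLAN 10 as well as traffic routed in or out.
vlan access-map VACL-VLAN10 10
 match ip address MATCH-TELNET
 action drop
! A sequence with no match clause matches everything that is left.
vlan access-map VACL-VLAN10 20
 action forward
vlan filter VACL-VLAN10 vlan-list 10

! PACL: applied to a Layer 2 switch port, inbound only.
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 ip access-group PACL-HOST25 in
```

A frame entering GigabitEthernet0/1 is subject to the port policy, the VLAN 10 policy and, if it is routed off the subnet, the routed-interface policy, so a deny in any one of them drops it. How the three are merged in hardware depends on the platform.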

Responses

  • rita medhanie
    How to configure pacl and vacl on the same switch?
    10 months ago
