What is the difference between ACL and VACL?

[penghon]

Is there any differences between the two other than the fact that the "traditional" ACL is easier to create than VACLs.

 

[tschouten]

This is the easiest description I could find to seperate them for you.

An ACL is different from a VACL in the fact that VACLs ( VLAN Access Control Lists)are strictly for security packet filtering and redirecting traffic to specific physical switch ports. VACLs can be configured on the switch to apply to all packets that are routed into or out of a VLAN or are bridged within a VLAN.

Access lists filter network traffic by controlling whether routed packets are forwarded or blocked at the router's interfaces. Your router examines each packet to determine whether to forward or drop the packet, based on the criteria you specified within the access lists.

Access list criteria could be the source address of the traffic, the destination address of the traffic, the upper-layer protocol, or other information. Note that sophisticated users can sometimes successfully evade or fool basic access lists because no authentication is required.

 

[wybnormal]

One of the common uses of the VACL is to manage traffic flow to an IDSM sensor blade on a switch. The traffic that doesnt match the VACL is blocked and the traffic that meets the requirements is allowed to pass.. this can a VLAN, a number of VLANs, a complete trunk, selected protocols and so on. You get the picture that a VACL is very granular.

MikeS


Find me at

http://www.packetattack.com

"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu