ACL on SVI posted 03/02/2006
Hi Venkatesh, the way I understand it is that if the source host is on
VLAN100 and the switch B's SVI interface is the default gateway for these
hosts, then you would need to apply an inbound extended ACL to filter
traffic on switch B. 

If the default gateway is switch A's SVI, then the ACL would need to be on

Outbound ACLs are less efficient, as the switch will have to route then
filter; inbound, the switch just filters - less processing.

Cheers, Steve


Schulz, Dave
Venkatesh - I believe that you will need to use a vlan filter, if you
want to filter this traffic within the vlan.

Dave Schulz, 
Email: dschulz@xxxxxxxxxxxxxx
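
The two approaches suggested in the replies above, written out as an added Cisco IOS configuration example (not part of any poster's message). All addresses and names are constructed: VLAN 100 is assumed to be 192.0.2.0/24, the restricted hosts 192.0.2.21 and 192.0.2.22, and the protected destination 198.51.100.10; switch B's SVI is assumed to be the hosts' default gateway.

```cisco
! --- Option 1: inbound extended ACL on the SVI (switch B) ---
! "in" on an SVI means traffic arriving from hosts in the VLAN and
! entering the routed interface, so it is filtered before routing.
ip access-list extended VLAN100-IN
 deny   ip host 192.0.2.21 host 198.51.100.10
 deny   ip host 192.0.2.22 host 198.51.100.10
 permit ip any any
!
interface Vlan100
 ip access-group VLAN100-IN in
!
! --- Option 2: VLAN filter (VACL) ---
! Applies to every packet in VLAN 100, bridged or routed, so it also
! covers traffic that never reaches the SVI.
! In the match ACL, "permit" selects traffic for the map's action.
ip access-list extended VACL-MATCH
 permit ip host 192.0.2.21 host 198.51.100.10
 permit ip host 192.0.2.22 host 198.51.100.10
!
vlan access-map VLAN100-FILTER 10
 match ip address VACL-MATCH
 action drop
vlan access-map VLAN100-FILTER 20
 action forward
!
vlan filter VLAN100-FILTER vlan-list 100
!
! --- Verification ---
! show ip access-lists VLAN100-IN   (hit counters on the deny lines)
! show ip interface Vlan100         (confirms the inbound access list)
! show vlan access-map
! show vlan filter
```

Sequence 20 in the access map has no match clause, so it forwards everything the first sequence did not drop; without it, the remaining IP traffic in the VLAN would be dropped by the map's implicit deny.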

Venkatesh Palani
Hi Guys,

I got confused with applying an ACL to an SVI. Say I have two switches
A and B and there is a trunk that permits vlan 100 between them, and each
switch has an SVI for this VLAN, say switch A's SVI ip address is and switch B SVI's IP address is added to this
switch A connects to the rest of the network. If I want to filter
from some hosts on vlan 100 on switch B to a specific destination in the
network, is it appropriate for me to apply an extended ACL on switch
SVI with outward direction?

The reason for this confusion is that with a physical or logical interface it
is easy to say inside and outside in reference to the router CPU, but with an SVI
inside/outside can be seen in two different ways...

Any help is appreciated.

Thank you,
