- A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: ACL on SVI posted 03/02/2006
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]

Hi Venkatesh, the way I understand it is that if the source host is on
VLAN100 and the switch B's SVI interface is the default gateway for these
hosts, then you would need to apply an inbound extended ACL to filter
traffic on switch B. 

If the default gateway is switch A's SVI, then the ACL would need to be on

Outbound ACL's are less efficient, as the switch will have to route then
filter, inbound the switch justs filters - less processing.

Cheers, Steve


-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
Schulz, Dave
Sent: 02 March 2006 20:27
To: Venkatesh Palani; ccielab@xxxxxxxxxxxxxx
Subject: RE: ACL on SVI

Venkatesh - I believe that you will need to use a vlan filter, if you
want to filter this traffic within the vlan.

Dave Schulz, 
Email: dschulz@xxxxxxxxxxxxxx

-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
Venkatesh Palani
Sent: Thursday, March 02, 2006 12:08 PM
To: ccielab@xxxxxxxxxxxxxx
Subject: ACL on SVI

Hi Guys,

I got confused with applying ACL on to a SVI, say if I have two switches
A and B and there is trunk that permits vlan 100 between them, andl each
the switch has a SVI for this VLAN say switch A's SVI ip address is and switch B SVI's IP address is added to this
switch A connects to the rest of the network. If I want to filter
from some hosts on vlan 100 on switch B to a specific destination in the
network, is it appropriate for me to apply an extended ACL's on switch
SVI with outward direction ?

The reason for this confusion is with Physical or logical interface it
easy to say inside and outside in reference to router CPU but with a SVI
inside/outside can be seen in two different ways...

any help is appreciated

Thank you,

Subscription information may be found at:

Subscription information may be found at: