Discussion in 'Cisco' started by Amy L., Sep 7, 2004.

  1. Amy L.

    Amy L. Guest

    It seems that when you apply an access list to a switch to control
    inter-vlan routing on an L3 switch that it's backwards to how you apply
    access lists to a router.

    For example, if you have two vlans (VLAN 2 & VLAN 3) and you want to
    control traffic out of VLAN 2 into VLAN 3 you would apply that access
    list as "in" on VLAN 2. This seems backwards to me, but I am sure
    this is due to a matter of perspective. I figured since the traffic
    is leaving vlan 2 and entering vlan 3 that it would be an outbound
    access list on vlan 2, but my testing in the lab tells me otherwise.

    Can someone set me straight?
    Amy L., Sep 7, 2004
  2. "in" and "out" are relative to the router, not the networks. So an "in"
    ACL processes packets that come into the router through that switch
    port. This is exactly the same as how it works with regular interfaces
    on routers.
    Barry Margolin, Sep 7, 2004
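
The direction rule from the reply above, shown as an added IOS configuration example that is not part of the original thread. The ACL name, the 10.0.2.0/24 (VLAN 2) and 10.0.3.0/24 (VLAN 3) addressing, and the TCP/443 policy are assumptions made for illustration.

```cisco
! Constructed example. Assumed addressing:
!   VLAN 2 = 10.0.2.0/24, SVI 10.0.2.1
!   VLAN 3 = 10.0.3.0/24, SVI 10.0.3.1
! Assumed policy: VLAN 2 hosts may reach VLAN 3 only on TCP/443.
!
ip access-list extended VLAN2-TO-VLAN3
 permit tcp 10.0.2.0 0.0.0.255 10.0.3.0 0.0.0.255 eq 443
 deny   ip  10.0.2.0 0.0.0.255 10.0.3.0 0.0.0.255
 ! An inbound ACL on Vlan2 sees everything VLAN 2 hosts send to the
 ! router, not only traffic bound for VLAN 3, so the remaining
 ! destinations must be permitted explicitly (implicit deny otherwise).
 permit ip any any
!
! Placement A: packets from VLAN 2 hosts come INTO the L3 switch on
! the Vlan2 interface, so the direction is "in" on Vlan2.
interface Vlan2
 ip address 10.0.2.1 255.255.255.0
 ip access-group VLAN2-TO-VLAN3 in
!
! Placement B (alternative, shown disabled): the same packets go OUT
! of the L3 switch on the Vlan3 interface after routing. An outbound
! ACL here is evaluated for traffic from every source VLAN, not just
! VLAN 2.
interface Vlan3
 ip address 10.0.3.1 255.255.255.0
 ! ip access-group VLAN2-TO-VLAN3 out
!
! Verify which direction each ACL is bound to and watch hit counters:
!   show ip interface Vlan2 | include access list
!   show ip access-lists VLAN2-TO-VLAN3
```

These ACLs are stateless: replies that VLAN 2 hosts send to connections initiated from VLAN 3 are also checked by the inbound ACL on Vlan2. Traffic switched between two hosts inside VLAN 2 never enters the routed interface and is not filtered by either placement.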
