ACL and VACL Question Why?

cisGO

Hey guys,

I don't quite get why ACLs can filter traffic travelling between vlans but not traffic from one host to another in the same vlan?

Maybe i'm missing something basic here..

Can someone explain it to me again?

Would be appreciated! Thanks

networker050184

Where would you place that ACL to have it filter between hosts in the same VLAN? You could do port based, but then you need to apply that ACL to every single port in the VLAN....

cisGO

networker050184 wrote: »

Where would you place that ACL to have it filter between hosts in the same VLAN? You could do port based, but then you need to apply that ACL to every single port in the VLAN....

So ACLs can't filter traffic from one host to another in the same vlan because they just doesn't support the function? That's the only reason? Is there no "logical" background reason i'm missing?
Maybe i'm just confused lol

networker050184

ACLs can support this function yes, but you have to apply an ACL somewhere. You could put the ACL on the ports (port based ACLs are not supported on all devices) or you can use a VACL and only do the config once.

cisGO

networker050184 wrote: »

ACLs can support this function yes, but you have to apply an ACL somewhere. You could put the ACL on the ports (port based ACLs are not supported on all devices) or you can use a VACL and only do the config once.

Thanks for the explanation but it's not exactly what i was looking for.
But i found the answer somewhere else.

An ACL is on layer 3, a vlan is on layer 2.
So a host sending in the same vlan doesn't need to go to the default gateway because it's on layer 2.
That was what i was missing!