VACL vs PVLAN; which should I use?

nethacker (Senior Member, Posts: 184)
Hello experts in the house, I have come again with my question as usual. Do you think it'll be better if I use a VACL to filter traffic between VLANs, or should I use PVLAN? I place POS servers, POS terminals and users whose PCs need to talk to the POS servers in the same VLAN/subnet. Now, I can ping the POS servers from any VLAN in the network, but I don't want other VLANs to talk to this server VLAN because other VLANs don't use any resources residing on the server VLAN. So am I better off using VACL or PVLAN, as I only want the PCs that need to talk to the servers to gain access to them; every other PC outside the servers' subnet should be denied. This VACL & PVLAN thing seems to be so confusing.

Advice will be highly appreciated.
JNCIE | CCIE | GCED

Comments

  • cisco_trooper (Member, Posts: 1,441)
    You won't be using either here. You just need an ACL on the VLAN's SVI (Switched Virtual Interface).
  • pham0329 (Senior Member, Posts: 556)
    Agreed with cisco_trooper. Sorry, I'm probably going to get some heat for this but I have to ask, how are you a CCNA Security and CCNP if you don't know the difference between ACL, VACL, and PVLAN and their applications?
  • nethacker (Senior Member, Posts: 184)
    pham0329 wrote: »
    Agreed with cisco_trooper. Sorry, I'm probably going to get some heat for this but I have to ask, how are you a CCNA Security and CCNP if you don't know the difference between ACL, VACL, and PVLAN and their applications?

    I understand you, but I just want advice from people that might have done it before. What is good for the goose might also be good for the gander, unless TE is no longer a place where knowledge is being shared. FYI, I have implemented VACL and PVLAN; VACL seems to be working fine for me and serves the exact purpose which PVLAN couldn't. I don't get to work with these technologies every day, and we all have our areas of specialty despite our certifications. Back to your question, I think you should ask that question if I had requested command syntax and where to apply the subject matter. Not everyone that asks questions is dumb, and not everyone that asks questions doesn't know what to do. Try and re-read my post and you'll see the last statement, which says "ADVICE WILL BE HIGHLY APPRECIATED".

    @cisco_trooper, thanks.
    JNCIE | CCIE | GCED
  • pham0329 (Senior Member, Posts: 556)
    Let me preface this by saying that I was accused of dumping an exam by another TE member not too long ago, so I know how it feels, but the thing is, when you say you're a CCNP, there are things that you should already know. I didn't say you were dumb, or that you don't know what you're doing. I'm, well, curious as to how you passed the CCNA Security and CCNP without a good understanding of the different types of ACLs.

    You want to deny access to one subnet from other subnets, and you're deciding on whether to use a VACL or PVLAN? That doesn't make any sense to me. PVLANs have various uses, one of which is to segment hosts on the same subnet, so for your purpose, this shouldn't even be on your radar.

    TE is a great community, and I think we should all try to keep it that way. Part of that is to try and ensure the integrity of the board and its members, and to provide good, helpful information so that those new to the field don't get their heads filled with garbage. Personally, TE is one of the first places I turn to for help, and when I was new here, if I saw "CCNP" next to someone's name, I paid close attention to what they said, as I expected them to know what they're talking about.
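A concrete version of cisco_trooper's suggestion (a router ACL on the SVI), which is also why pham0329 says PVLAN is the wrong tool here: hosts inside the POS VLAN never cross the SVI, so they keep talking to each other, and only routed traffic from other VLANs is filtered. This is an added example, not configuration posted by anyone in this thread; the VLAN number, the 10.10.10.0/24 POS subnet and the management host 192.168.99.10 are assumed values to replace with your own.

```cisco
! Added example, not from the thread. Assumed addressing:
!   VLAN 10 = POS servers, POS terminals and the authorised user PCs, 10.10.10.0/24
!   all other VLANs = everything else (should never reach VLAN 10)
!   192.168.99.10 = hypothetical management host that is still allowed in
!
! Stateless router ACL applied OUTBOUND on the POS SVI: the only packets that
! hit it are those being routed INTO VLAN 10 from another VLAN. Intra-VLAN
! traffic is switched, never routed, so it is untouched.
ip access-list extended PROTECT-POS-VLAN
 remark Let replies come back for TCP sessions the POS VLAN itself opened
 permit tcp any 10.10.10.0 0.0.0.255 established
 remark Optional: one management host may reach the POS subnet
 permit ip host 192.168.99.10 10.10.10.0 0.0.0.255
 remark Everything else from other VLANs is dropped and logged for monitoring
 deny   ip any any log
!
interface Vlan10
 description POS servers, terminals and authorised user PCs
 ip address 10.10.10.1 255.255.255.0
 ip access-group PROTECT-POS-VLAN out
!
! Verification: confirm the ACL is bound, then ping 10.10.10.x from another
! VLAN and watch the deny counter climb (and the %SEC-6-IPACCESSLOGDP message).
!   show ip interface Vlan10 | include access list
!   show access-lists PROTECT-POS-VLAN
```

Because the ACL is stateless, `established` only covers TCP replies; if the POS VLAN needs UDP responses from elsewhere (DNS, NTP), add explicit permits for those servers or move the policy to a stateful firewall.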
  • nethacker (Senior Member, Posts: 184)
    pham0329 wrote: »
    Let me preface this by saying that I was accused of dumping an exam by another TE member not too long ago, so I know how it feels, but the thing is, when you say you're a CCNP, there are things that you should already know. I didn't say you were dumb, or that you don't know what you're doing. I'm, well, curious as to how you passed the CCNA Security and CCNP without a good understanding of the different types of ACLs.

    You want to deny access to one subnet from other subnets, and you're deciding on whether to use a VACL or PVLAN? That doesn't make any sense to me. PVLANs have various uses, one of which is to segment hosts on the same subnet, so for your purpose, this shouldn't even be on your radar.

    TE is a great community, and I think we should all try to keep it that way. Part of that is to try and ensure the integrity of the board and its members, and to provide good, helpful information so that those new to the field don't get their heads filled with garbage. Personally, TE is one of the first places I turn to for help, and when I was new here, if I saw "CCNP" next to someone's name, I paid close attention to what they said, as I expected them to know what they're talking about.
    Of course I understand you, and I was there on the forum when you were accused of dumping. I have not gone far up to CCIE knowledge when it comes to security, so I would appreciate input from people that are more knowledgeable than I am. That doesn't mean I am not knowledgeable too, but we all work on different things at different times, and what we work on the most becomes part of us. I know netadmins and engineers who know so much about MPLS & BGP; they have a pretty good understanding of switching but don't do switching due to their job responsibilities. They have CCNP too, FYI. So my friend, I don't see anything wrong in asking questions. Even experts get stuck in some situations and they ask for advice from other colleagues, but that doesn't mean they don't know their stuff.
    JNCIE | CCIE | GCED