Header Only - DO NOT REMOVE - Extreme Networks

Controlling Vlan ingress/egress with ACL's

  • 23 October 2013
  • 2 replies

Userlevel 1
Would someone please explain how Enterasys applies ACL's to traffic entering and exiting a Vlan? Also how does Enterasys determine when a packet enters or exits the Vlan as this will affect how an ACL should be interpreted?

2 replies

Userlevel 1
First off let me put my disclaimer here. I am not an expert with ACLs, but have worked with them some, mostly in the past. It is my rememberence that ingress/egress has little meaning when applied to a VLAN. Unlike a port that has only one point of ingress/egress, a VLAN may have many. The consequence is that both source and destination may ingress and/or egress to the VLAN. As you have discovered it makes writing ACLs difficult. Generally you will need to create them with bilateral direction in mind. I personally tried to avoid ACL or policy tied to VLANs.
Userlevel 2
Hi Charlie, I have one of our experts looking at this now and should have an answer for you shortly. Thanks!