VACL vs ACL

The main difference between a VLAN Access Control List (VACL) and a regular Access Control List (ACL) lies in their functionality and application.

A regular ACL, which can be either standard or extended, is primarily used for filtering network traffic. It is applied to a router's interface, either inbound or outbound, and controls traffic based on source and/or destination IP addresses and transport-layer ports.

In contrast, a VACL defines rules or filters that determine which types of network traffic are allowed or denied between devices within the same VLAN. These rules are typically based on criteria such as source and destination IP addresses, source and destination MAC addresses, and protocol types.

When an ACL is applied to a VLAN interface or a Switched Virtual Interface (SVI), it filters only the traffic that is routed into or out of the VLAN through that interface; frames switched between two hosts in the same VLAN never cross the SVI and are therefore not filtered. Applying a VACL to a VLAN, by contrast, means that all traffic traversing the VLAN, whether bridged within it or routed in or out of it, is subject to the VACL rules.
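The contrast above, as an added Cisco IOS configuration example (constructed here, not taken from the linked pages): VLAN 10 is 10.1.10.0/24 with a file server at 10.1.10.10, VLAN 20 is 10.1.20.0/24, and the switch routes between them. The SVI ACL only governs traffic leaving VLAN 10 for VLAN 20, while the VACL also governs host-to-host traffic inside VLAN 10, which is where it blocks workstation-to-workstation SMB while still allowing SMB to the server.

```cisco
! Constructed example addresses; adjust to your own VLANs and hosts.
!
! --- Regular extended ACL on the SVI ---
! Seen only by packets routed out of VLAN 10 via the SVI; a packet from one
! VLAN 10 host to another never reaches this ACL.
ip access-list extended VLAN10-IN
 permit tcp 10.1.10.0 0.0.0.255 10.1.20.0 0.0.0.255 eq 443
 deny   ip  10.1.10.0 0.0.0.255 10.1.20.0 0.0.0.255
 permit ip  any any
!
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
 ip access-group VLAN10-IN in
!
! --- VACL ---
! In a VLAN access-map, the "permit" lines of the matched ACL only select the
! traffic; the access-map "action" decides what happens to it.
ip access-list extended MATCH-SMB-TO-SERVER
 permit tcp 10.1.10.0 0.0.0.255 host 10.1.10.10 eq 445
!
ip access-list extended MATCH-SMB-INTRA-VLAN
 permit tcp 10.1.10.0 0.0.0.255 10.1.10.0 0.0.0.255 eq 445
!
vlan access-map VLAN10-FILTER 10
 match ip address MATCH-SMB-TO-SERVER
 action forward
vlan access-map VLAN10-FILTER 20
 match ip address MATCH-SMB-INTRA-VLAN
 action drop
! A VLAN access-map ends in an implicit drop, so an entry with no match
! clause is needed to forward everything else.
vlan access-map VLAN10-FILTER 30
 action forward
!
! Bind the map to the VLAN: it now applies to every frame switched within
! VLAN 10 as well as traffic routed into or out of it.
vlan filter VLAN10-FILTER vlan-list 10
```

`show vlan access-map` and `show vlan filter` confirm the map contents and which VLANs it is bound to.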

Links:

https://forum.networklessons.com/t/vlan-access-list-vacl/1155/64?u=lagapidis

https://networklessons.com/cisco/ccie-routing-switching/standard-access-list-example-on-cisco-router

https://networklessons.com/cisco/ccie-routing-switching/extended-access-list-example-on-cisco-router

https://networklessons.com/cisco/ccie-routing-switching/vlan-access-list-vacl