
The main difference between a [VLAN Access Control List (VACL)](/vacl-use-cases) and a regular [Access Control List (ACL)](/acl) lies in their functionality and application. 

A regular ACL, which can be either standard or extended, is primarily used for filtering network traffic. It can be applied on a router’s interface, either inbound or outbound, and controls traffic based on source and/or destination [IP addresses](/ipv4) and [Transport layer ports](/transport-layer-port-number).

In contrast, a VACL defines rules or filters that determine which types of network traffic are allowed or denied between devices within the same [VLAN](/vlan). These rules are typically based on criteria such as source and destination IP addresses, source and destination [MAC address](/mac-address)es, and protocol types.

When an ACL is applied to a VLAN interface or a [Switched Virtual Interface (SVI)](/switching-switched-virtual-interface-svi), it filters any traffic directed to or from that interface. However, applying a VACL to a VLAN means that all traffic traversing the VLAN, regardless of its destination, is subject to the VACL rules.

Links:

https://forum.networklessons.com/t/vlan-access-list-vacl/1155/64?u=lagapidis

https://networklessons.com/cisco/ccie-routing-switching/standard-access-list-example-on-cisco-router

https://networklessons.com/cisco/ccie-routing-switching/extended-access-list-example-on-cisco-router

https://networklessons.com/cisco/ccie-routing-switching/vlan-access-list-vacl



VACL vs ACL

Switchport access

Switchport modes

Switchport trunk configuration ignores access commands

Switchport trunk encapsulation

Switchport trunk

Symmetric Digital Subscriber Line (SDSL)

Syslog - Logging buffered command

Syslog - logging discriminator

Syslog - terminal monitor

Syslog relay or proxy

Syslog severity levels

Syslog

TCP - Congestion control

TCP - Header

TCP - SEQ and ACK values

TCP - Slow start

TCP - Three-way handshake

TCP - Urgent pointer field

TCP - Window Size Scaling

TCP - factors affecting segment size

TCP - role of checksum field

TCP MSS and window size

TCP RST flag

TCP SYN timeout

TCP header options

TCP phantom byte

TCP-IP model

TFTP

Tcl Shell

Telnet

Time to live

Traceroute - Interpreting output

Traceroute asterisk and !H responses

Traceroute

Transparent Cisco IOS Firewall use cases

Transport Layer port number

Troubleshooting - using Telnet to test transport layer ports

Troubleshooting a slow network

Troubleshooting high CPU and memory usage on a switch

UDP - Header

UDP - Maximum Datagram Size

Unicast Reverse Path Forwarding (uRPF)

Unicast traffic

Unknown unicast traffic

Upgrade your R&S skills to modern networking

VACL - Changes to ACL are active immediately

VACL - use cases

VLAN - Extended Range

VLAN - Native VLAN best practices

VLAN - Native VLAN on a router on a stick

VLAN - Private VLAN

VLAN - QinQ troubleshooting

VLAN - Trunk interfaces don't appear in `show vlan` output

VLAN - VLAN IDs 0 and 4095

VLAN Access Lists

VLAN Mapping

VLAN SVI status

VLAN Tag

VLAN control frames

VLAN

VLANs - 802.1Q tunneling (QinQ)

VLANs - Dynamic VLAN membership (VMPS)

VLANs - QinQ and CDP

VLANs - Vlans allowed and active in management domain

VLANs - when a tagged frame arrives on an access port

VLANs SVI

VPN - IKEv2 peer address of 0.0.0.0 0.0.0.0

VPN - Interesting Traffic

VPN - NAT Exemption

VPN - crypto keepalive

VPN - default gateway for site to site VPN

VPN - default gateway of VPN client

VPN - split tunneling

VPN DVTI tunnel source

VRF - Definition mode

VRF - VPNv4 address

VRF capability vrf-lite command

VRF lite route leaking

VRF sharing across multiple routers

VRF use cases

VRRP - Virtual IP doesn't respond to pings

VRRP - load balancing

VRRP - support for authentication

VRRP - using the same ID on different interfaces

VRRP - using the same ID on subinterfaces

VRRP on sub-interfaces

VTP - Client can't modify VLANs

VTP - Code Field

VTP - Multiple Servers with VTP version 2

VTP - Per interface configuration

VTP - Pruning the Extended VLAN ID Range

VTP - Revision Numbers on transparent switch

VTP - Versions

VTP - domain name automatically changes

VTP - employing in an emulator