VLAN Access Lists

VLAN Access Control Lists, or VACLs, are a security feature of network switches that provides access control for traffic within a VLAN. VACLs are similar to ACLs, but they are applied to a VLAN as a whole rather than to an interface.

VACLs function by defining a set of rules or filters that determine which types of network traffic are allowed or denied between devices within the same VLAN. These rules are typically based on criteria such as source and destination IP addresses, source and destination MAC addresses, and protocol types.

VACLs can be implemented on a switch that operates only on Layer 2, even though Layer 3 elements such as IPv4 or IPv6 addresses can also be used as criteria for filtering.

By implementing VACLs, network administrators can enhance security, control traffic flow, and isolate specific devices or users within a VLAN. This can help prevent unauthorized access, mitigate potential network attacks, and maintain overall network performance.

Like ACLs, VACLs end with an implicit deny: traffic that matches none of the configured entries is dropped, so this must be taken into account whenever configuring them.
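As an added illustration of the rules, criteria and implicit deny described above, here is a constructed Cisco IOS configuration (not taken from the linked articles) that isolates hosts within VLAN 10 from each other while still letting them reach their default gateway and one file server. The VLAN number, the 10.10.10.0/24 subnet, the gateway address 10.10.10.1, the server address 10.10.10.100 and all object names are assumptions chosen for the example.

```cisco
! Constructed example: VLAN 10 = 10.10.10.0/24, gateway 10.10.10.1, file server 10.10.10.100
!
! Step 1: ACLs that describe the traffic of interest. Inside a VACL match
! clause, a "permit" entry means "this traffic matches the clause"; it does
! not by itself allow or block anything. The action comes from the access-map.
ip access-list extended ALLOWED-PEERS
 remark Host <-> default gateway
 permit ip 10.10.10.0 0.0.0.255 host 10.10.10.1
 permit ip host 10.10.10.1 10.10.10.0 0.0.0.255
 remark Host <-> file server
 permit ip 10.10.10.0 0.0.0.255 host 10.10.10.100
 permit ip host 10.10.10.100 10.10.10.0 0.0.0.255
!
ip access-list extended HOST-TO-HOST
 remark Any other traffic between two hosts of the same subnet
 permit ip 10.10.10.0 0.0.0.255 10.10.10.0 0.0.0.255
!
! Step 2: the access-map, evaluated in sequence order; first match wins.
vlan access-map VLAN10-ISOLATE 10
 match ip address ALLOWED-PEERS
 action forward
vlan access-map VLAN10-ISOLATE 20
 match ip address HOST-TO-HOST
 action drop
! Sequence 30 has no match clause, so it catches all remaining IP traffic.
! Without it the implicit deny at the end of the map would drop everything
! else, including traffic leaving the subnet through the gateway.
vlan access-map VLAN10-ISOLATE 30
 action forward
!
! Step 3: bind the map to the VLAN. Nothing is filtered until this line.
vlan filter VLAN10-ISOLATE vlan-list 10
!
! Verification
show vlan access-map VLAN10-ISOLATE
show vlan filter
```

Two points worth checking before applying such a map. First, the implicit deny applies per packet type: because this map only contains `match ip address` clauses, it governs IP packets only, and non-IP frames (ARP, for instance) are still forwarded unless a `match mac address` clause is added. Second, a `deny` entry inside a referenced ACL does not drop the packet; it simply means the packet does not match that clause, and evaluation continues with the next sequence number, falling through to the implicit deny if nothing else matches. Keep a catch-all `forward` entry (sequence 30 here) unless the intent really is to drop all other traffic in the VLAN.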

Links:

https://networklessons.com/cisco/ccie-routing-switching/vlan-access-list-vacl

https://forum.networklessons.com/t/vlan-access-list-vacl/1155/55?u=lagapidis