
A VLAN access control list (VACL) provides access control for all packets that are bridged within a VLAN or that are routed into or out of a VLAN. Unlike regular Cisco IOS access control lists, which are configured on router interfaces and applied to routed packets only, VACLs apply to all packets. The technology was developed by Cisco on the Catalyst 6500 Series switch platform.

VACLs may be used in a similar fashion to a SPAN port or network tap, as a way to replicate computer network data that is coming into and leaving from a computer or a network. This is useful for monitoring traffic. Often, this configuration is used to facilitate data loss prevention (DLP) or network-based intrusion prevention systems. VACLs, or VACL ports, can be much more discriminating about the traffic they forward than a standard SPAN port. They may be set to forward only specific types of traffic or specific VLANs to the monitoring port. However, they forward all traffic that matches the criteria: unlike SPAN ports, they do not have the functionality to select between ingress and egress traffic.
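The selective forwarding described above, as an added configuration sketch that is not part of the original page. It uses Cisco IOS VACL capture syntax for the Catalyst 6500; the ACL and map names, VLAN 100, interface GigabitEthernet1/1 and the 192.0.2.0/24 subnet are constructed placeholders.

```cisco
! Constructed example: all names, VLAN 100, Gi1/1 and 192.0.2.0/24 are placeholders.
!
! Traffic of interest: web sessions to and from the server subnet.
! A VACL has no ingress/egress selector, so both directions are listed explicitly.
ip access-list extended MONITOR-WEB
 permit tcp any 192.0.2.0 0.0.0.255 eq 80
 permit tcp any 192.0.2.0 0.0.0.255 eq 443
 permit tcp 192.0.2.0 0.0.0.255 eq 80 any
 permit tcp 192.0.2.0 0.0.0.255 eq 443 any
!
! Catch-all for the remaining IP traffic in the VLAN.
ip access-list extended ALL-IP
 permit ip any any
!
! Sequence 10: forward matching packets normally and copy them to capture ports.
vlan access-map VACL-CAPTURE 10
 match ip address MONITOR-WEB
 action forward capture
!
! Sequence 20: forward everything else without copying it.
! Without this entry, IP packets that miss sequence 10 are dropped.
vlan access-map VACL-CAPTURE 20
 match ip address ALL-IP
 action forward
!
! Apply the map to bridged and routed traffic in VLAN 100.
vlan filter VACL-CAPTURE vlan-list 100
!
! Port facing the DLP or IPS sensor: receives only the captured copies.
interface GigabitEthernet1/1
 description monitoring sensor (placeholder)
 switchport
 switchport capture
 switchport capture allowed vlan 100
```

Because the map filters the VLAN as well as selecting what to capture, verify after applying it that production traffic in VLAN 100 still passes before relying on the sensor feed.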


See also

* Virtual private network
* Private VLAN

