Hi,
Unfortunately I cannot say I fully understand your question, but in essence,
you're wondering what type of level 2/3 security to use (VACL vs ACL), right?!
Well, it's not that difficult to choose between them, especially given
some knowledge of their differences/usage.

ACL - layer 2/3/4 access-lists, applied on a per-interface basis.
VACL - vlan access-lists, which control the traffic flow WITHIN a specified
VLAN. For example, you can specify host A is not capable of connecting to host
B (both A and B in the same vlan), all other communication inside this
vlan (no layer3 routing/switching here).

So, for instance, you have
segment 1 internet
(layer 3 router..etc.)
segment n servers

I don't see the need of VACL (given that information). All you have to do
is to define your security policy and apply appropriate layer3 access-lists
to individual router interfaces (vlans on RSFC, RSM...)

Well, in circumstances where you've got special needs, say for example in
the server segment, you can use VACL to DEFINE THE SECURITY POLICY INSIDE
THAT GIVEN SEGMENT (vlan).
Radoslav Vasilev
IBGC, Sofia
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=74948t=74559
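
The two cases described in the post above, as an added example that is not part of the original message: a routed ACL on the server VLAN's layer 3 interface for traffic between segments, and a VACL for traffic between two hosts inside the server VLAN. It assumes a Catalyst switch running Cisco IOS; VLAN 100, the 10.1.1.0/24 addresses and all list and map names are constructed for illustration.

```cisco
! --- Case 1: policy BETWEEN segments (routed traffic) ---
! Ordinary layer 3 ACL on the server VLAN's routed interface.
! "out" on the SVI filters packets being routed INTO VLAN 100.
ip access-list extended TO-SERVERS
 permit tcp any host 10.1.1.20 eq 443
 permit tcp any host 10.1.1.20 eq 25
 deny   ip any any log
!
interface Vlan100
 description Server segment (constructed example)
 ip address 10.1.1.1 255.255.255.0
 ip access-group TO-SERVERS out
!
! --- Case 2: policy INSIDE the server VLAN (bridged traffic) ---
! Host A (10.1.1.10) must not reach host B (10.1.1.20), although both
! sit in VLAN 100 and their packets never cross a routed interface,
! so the ACL from case 1 never sees them.
!
! In an ACL referenced by a VLAN access-map, "permit" only means
! "this traffic matches the clause"; the map's action decides its fate.
ip access-list extended HOST-A-TO-B
 permit ip host 10.1.1.10 host 10.1.1.20
!
vlan access-map SERVER-VACL 10
 match ip address HOST-A-TO-B
 action drop
!
! Without a final forward clause the implicit deny at the end of the
! map would drop all other IP traffic in the VLAN.
vlan access-map SERVER-VACL 20
 action forward
!
vlan filter SERVER-VACL vlan-list 100
```

A VACL is applied to every packet in the VLAN, including packets routed into or out of it, so the forward-all clause in sequence 20 also keeps the routed traffic permitted by case 1 flowing. `show vlan access-map` and `show vlan filter` confirm what is applied.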