A VLAN access control list (VACL) provides access control for all packets that are bridged within a VLAN or that are routed into or out of a VLAN. Unlike regular Cisco IOS access control lists that are configured on router interfaces and applied on routed packets only, VACLs apply to all packets. The technology was developed by Cisco on the Catalyst 6500 Series switch platform.
VACLs may be used in similar fashion to a SPAN port or network tap, as a way to replicate computer network data that is coming into and leaving from a computer or a network. This is useful if you want to monitor traffic. Often, this configuration is used to facilitate data loss prevention (DLP) or network-based Intrusion prevention systems.
VACL or VACL Ports can be much more discriminating of the traffic they forward compared to a standard SPAN port. They may be set to only forward specific types or specific VLANs to the monitoring port. However, they forward all traffic that matches the criteria, as they do not have the functionality to select from ingress or egress traffic like SPAN ports.
Famous quotes containing the words access, control and/or list:
“Oh, the holiness of always being the injured party. The historically oppressed can find not only sanctity but safety in the state of victimization. When access to a better life has been denied often enough, and successfully enough, one can use the rejection as an excuse to cease all efforts. After all, one reckons, “they” don’t want me, “they” accept their own mediocrity and refuse my best, “they” don’t deserve me.”
—Maya Angelou (b. 1928)
“I don’t think I was constructed to be monogamous. I don’t think it’s the nature of any man to be monogamous.... Men are propelled by genetically ordained impulses over which they have no control to distribute their seed into as many females as possible.”
—Marlon Brando (b. 1924)
“Lovers, forget your love,
And list to the love of these,
She a window flower,
And he a winter breeze.”
—Robert Frost (1874–1963)