Hi,

Unfortunately I cannot say I fully understand your question, but in essence, you're wondering what type of level 2/3 security to use (VACL vs ACL), right?! Well, it's not that difficult to choose between them, especially given some knowledge of their differences/usage.

ACL - layer 2/3/4 access-lists, applied on a per-interface basis.
VACL - VLAN access-lists, which control the traffic flow WITHIN a specified VLAN. For example, you can specify host A is not capable of connecting to host B (both A and B in the same VLAN), all other communication inside this VLAN (no layer 3 routing/switching here).

So, for instance, you have

segment 1 internet
........
(layer 3 router..etc.)
segment n servers

I don't see the need of VACL (given that information). All you have to do is to define your security policy and apply appropriate layer 3 access-lists to individual router interfaces (VLANs on RSFC, RSM...).

Well, in circumstances where you've got special needs, say for example in the server segment, you can use VACL to DEFINE THE SECURITY POLICY INSIDE THAT GIVEN SEGMENT (VLAN).

Radoslav Vasilev
IBGC, Sofia

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74948&t=74559
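
The distinction drawn in the post above, as an added example that is not part of the original message: a router ACL on a VLAN interface next to a VLAN access map filtering inside the same VLAN. It assumes Cisco IOS syntax on a Catalyst multilayer switch (not the CatOS syntax of an RSFC/RSM setup); the VLAN number, addresses and names are constructed for illustration.

```cisco
! --- Router ACL: policy for traffic ROUTED into the server segment ---
! Only sees packets that cross the layer 3 interface of VLAN 10.
ip access-list extended TO-SERVERS
 permit tcp any host 10.0.10.12 eq 443
 deny   ip any any
!
interface Vlan10
 description server segment (constructed example)
 ip address 10.0.10.1 255.255.255.0
 ! "out" = packets leaving the router toward hosts in VLAN 10
 ip access-group TO-SERVERS out
!
! --- VACL: policy for traffic INSIDE the server segment ---
! Host A (10.0.10.11) must not reach host B (10.0.10.12), although
! both sit in VLAN 10 and their traffic is never routed, so the
! interface ACL above never sees it.
ip access-list extended HOST-A-TO-B
 ! "permit" here only selects traffic for the access-map clause;
 ! the action taken on it is set in the map below.
 permit ip host 10.0.10.11 host 10.0.10.12
!
vlan access-map SERVER-SEGMENT 10
 match ip address HOST-A-TO-B
 action drop
! Clause without a match statement: everything else is forwarded.
vlan access-map SERVER-SEGMENT 20
 action forward
!
! Bind the map to the VLAN; it applies to every packet in VLAN 10,
! bridged or routed, on every port in that VLAN.
vlan filter SERVER-SEGMENT vlan-list 10
```

Because the VLAN map also sees routed packets entering VLAN 10, dropping the final forward clause would block the routed traffic that the interface ACL permits.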

