Looking over some things before I go write the BCMSN exam, this is something I wanted to waffle on about again, because the reasons for both aren't so clear to me, nor is why to use what when.
Short and sweet: an Access Control List (ACL) is something that comes from the CCNA course, and it is used to manage and control traffic that passes through a switch (mind: passes through, not originates on) in either an inbound or outbound direction. Cisco Catalyst switches filter traffic through the use of a TCAM (mentioned on this post). The reason for the VLAN Access Control List (VACL) is that only traffic that passes between VLANs can be filtered using ACLs.
Logically, this means that traffic that stays in the same VLAN doesn't necessarily have a direction (inbound or outbound) in relation to the interface, and it also isn't crossing any interface boundaries. There is also the fact that the packets may be non-IP, non-IPX, or completely bridged. VACLs are mechanisms that can directly affect packets inside a VLAN. VACLs are configured using access-maps.
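A VACL built from an access-map, as an added example that is not from the original post. The VLAN number, subnet, and the names VACL-MATCH-TELNET and VLAN10-FILTER are constructed for illustration.

```cisco
! Constructed example: VLAN 10 and 192.168.10.0/24 are assumed values.
!
! Step 1: the ACL only selects traffic for the access-map.
! "permit" here means "match this packet", not "forward it".
ip access-list extended VACL-MATCH-TELNET
 permit tcp 192.168.10.0 0.0.0.255 192.168.10.0 0.0.0.255 eq 23
!
! Step 2: the access-map decides what happens to matched traffic.
! Sequence 10 drops Telnet between hosts inside the VLAN.
vlan access-map VLAN10-FILTER 10
 match ip address VACL-MATCH-TELNET
 action drop
!
! Sequence 20 has no match clause, so it catches everything else.
! Without it, IP packets that match no clause are dropped by default.
vlan access-map VLAN10-FILTER 20
 action forward
!
! Step 3: attach the map to the VLAN itself. There is no in/out
! direction and no interface; the filter applies to all packets
! in VLAN 10, bridged or routed.
vlan filter VLAN10-FILTER vlan-list 10
!
! Verify what is configured and where it is applied:
!   show vlan access-map VLAN10-FILTER
!   show vlan filter
```

Because the filter is bound with `vlan filter` rather than `ip access-group ... in|out`, it covers host-to-host traffic that never leaves the VLAN, which an interface ACL would not see.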