Switch ACLs vs. FW Rules?

Getting noticed

This may be a dumb question, but is there any need/benefit to using Switch ACLs instead of or in addition to Layer 3 FW rules? The Layer 3 rules seem much simpler to configure and maintain. Is this primarily meant to be used in deployments without an MX, or are there use cases for using ACLs along with Layer 3 FW rules?

Kind of a big deal

Re: Switch ACLs vs. FW Rules?

The only thing I ever use the switch ACLs for is intraVLAN filtering. The switch ACLs are stateless, so they're a bit of a PITA.


The MX L3 firewall rules are much more flexible and I would suggest using those over the switch ACLs wherever possible.
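To make the "stateless" point concrete, here is a small simulation (added example, not Meraki code or anything from the posters) of the same two-rule policy evaluated by a stateless ACL and by a stateful firewall. VLAN names, ports and the connection-table logic are constructed assumptions; real MS ACL and MX rule syntax and behaviour are not modelled. It shows why a stateless ACL that denies VLAN 20 to VLAN 10 also drops the replies of sessions VLAN 10 opened, and why the usual fix (a reverse allow on the server port) opens more than intended.

```python
"""Stateless ACL vs. stateful firewall (hypothetical simulation)."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str      # constructed VLAN labels stand in for source/destination subnets
    dst: str
    proto: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    src: Optional[str] = None   # None means "any"
    dst: Optional[str] = None
    proto: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        fields = ((self.src, p.src), (self.dst, p.dst), (self.proto, p.proto),
                  (self.sport, p.sport), (self.dport, p.dport))
        return all(want is None or want == have for want, have in fields)


def evaluate(rules: List[Rule], p: Packet) -> str:
    """First-match rule evaluation with an implicit deny at the end."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


class StatelessACL:
    """Every packet is judged on its own header; no memory of prior packets."""
    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)

    def filter(self, p: Packet) -> str:
        return evaluate(self.rules, p)


class StatefulFirewall:
    """Policy is consulted only for the first packet of a flow; later packets
    in either direction are admitted because the 5-tuple (or its reverse) is
    in the connection table. Simplified: no TCP flag or timeout tracking."""
    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)
        self.table: Set[Tuple] = set()

    def filter(self, p: Packet) -> str:
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if key in self.table or reverse in self.table:
            return "allow"
        verdict = evaluate(self.rules, p)
        if verdict == "allow":
            self.table.add(key)
        return verdict


# Constructed policy: VLAN 10 clients may reach an HTTPS server on VLAN 20;
# VLAN 20 must not initiate anything toward VLAN 10.
policy = [
    Rule("allow", src="vlan10", dst="vlan20", proto="tcp", dport=443),
    Rule("deny", src="vlan20", dst="vlan10"),
]
request = Packet("vlan10", "vlan20", "tcp", sport=51234, dport=443)
reply = Packet("vlan20", "vlan10", "tcp", sport=443, dport=51234)
unsolicited = Packet("vlan20", "vlan10", "tcp", sport=443, dport=22)

# Stateless workaround: a reverse allow on the server port. It lets the reply
# through, but it also admits any VLAN 20 traffic that happens to use source
# port 443, which the stateful device would still deny.
patched_policy = [Rule("allow", src="vlan20", dst="vlan10", proto="tcp", sport=443)] + policy


def run_stateless(rules: List[Rule] = policy) -> List[str]:
    acl = StatelessACL(rules)
    return [acl.filter(request), acl.filter(reply), acl.filter(unsolicited)]


def run_stateful(rules: List[Rule] = policy) -> List[str]:
    fw = StatefulFirewall(rules)
    return [fw.filter(request), fw.filter(reply), fw.filter(unsolicited)]


if __name__ == "__main__":
    print("stateless        ", run_stateless())
    print("stateless+reverse", run_stateless(patched_policy))
    print("stateful         ", run_stateful())
```

With the original policy the stateless ACL returns allow, deny, deny (the legitimate reply is dropped); with the reverse allow it returns allow, allow, allow (the unsolicited connection now gets in too); the stateful firewall returns allow, allow, deny from the same two rules, which is the flexibility the reply above is pointing at.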

Building a reputation

Re: Switch ACLs vs. FW Rules?

Agree, we only use switch ACLs to stop VLANs from talking to each other, that is, if it's an L3.


Otherwise do it all at the firewall to reduce complexity.

Building a reputation

Re: Switch ACLs vs. FW Rules?

Since the MX is performing the routing, it is definitely a better option to use Layer 3 firewall rules rather than the ACL. The L3 rules are a little different than other firewall/router rules, but overall much easier than the MS ACLs.
CMNO, CCNA R+S