Switch ACLs vs. FW Rules?

Getting noticed

Switch ACLs vs. FW Rules?

This may be a dumb question, but is there any need/benefit to using Switch ACLs instead of or in addition to Layer 3 FW rules?  The Layer 3 rules seem much simpler to configure and maintain.  Is this primarily meant to be used for in deployments without an MX or are there use cases for using ACLs along with Layer 3 FW rules?  

3 Replies 3
Kind of a big deal

The only thing I ever use the switch ACLs for in intraVLAN filtering. The switch ACLs are stateless, so they're a bit of a PITA.


The MX L3 firewall rules are much more flexible and I would suggest using those over the switch ACLs wherever possible.

Building a reputation

Agree, we only use switch ACLs to stop VLANs from talking to each other, that is if it's a L3.


Otherwise do it all at the firewall to reduce complexity.

Head in the Cloud

Since the MX is preforming the routing, it is definitely a better option to use Layer 3 firewall rules rather than the ACL. The L3 rules are a little different than other firewall/router rules, but overall much easier than the MS ACLs.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.