Meraki

Community

Switch ACLs vs. FW Rules?

CraigCummings
Getting noticed
‎Oct 27 2019 9:05 AM
‎Oct 27 2019 9:05 AM

Switch ACLs vs. FW Rules?

This may be a dumb question, but is there any need/benefit to using Switch ACLs instead of or in addition to Layer 3 FW rules?  The Layer 3 rules seem much simpler to configure and maintain.  Is this primarily meant to be used for in deployments without an MX or are there use cases for using ACLs along with Layer 3 FW rules?  

0 Kudos
3 Replies 3
jdsilva
Kind of a big deal
‎Oct 27 2019 1:08 PM
‎Oct 27 2019 1:08 PM

The only thing I ever use the switch ACLs for in intraVLAN filtering. The switch ACLs are stateless, so they're a bit of a PITA.

 

The MX L3 firewall rules are much more flexible and I would suggest using those over the switch ACLs wherever possible.

http://blog.brokennetwork.ca | @jdsilva
In response to jdsilva
Priesty
Building a reputation
‎Oct 27 2019 3:55 PM
‎Oct 27 2019 3:55 PM

Agree, we only use switch ACLs to stop VLANs from talking to each other, that is if it's a L3.

 

Otherwise do it all at the firewall to reduce complexity.

KRobert
Head in the Cloud
‎Oct 28 2019 6:43 AM
‎Oct 28 2019 6:43 AM

Since the MX is preforming the routing, it is definitely a better option to use Layer 3 firewall rules rather than the ACL. The L3 rules are a little different than other firewall/router rules, but overall much easier than the MS ACLs.
CMNO, CCNA R+S
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.