Allied Telesis AT-8100L/8POE Switch User Manual


 
Chapter 20: Access Control Lists (ACL)
Guidelines

Here are the ACL guidelines:

- An ACL can have a permit, deny, or copy-to-mirror action. The permit
  action allows ports to forward ingress packets of the designated
  traffic flow, while the deny action causes ports to discard packets.
  The copy-to-mirror action causes a port to copy all ingress packets
  that match the ACL to the destination port of the mirror port.
- A port can have more than one ACL.
- An ACL can be assigned to more than one port.
- ACLs filter ingress packets on ports, but they do not filter egress
  packets. As a result, you must apply ACLs to the ingress ports of the
  designated traffic flows.
- ACLs for static port trunks or LACP trunks must be assigned to the
  individual ports of the trunks.
- A port that has more than one ACL checks the ingress packets in the
  order in which the ACLs are added, and forwards or discards packets
  at the first match. As a result, if a port has both permit and deny
  ACLs, add the permit ACLs before the deny ACLs. Otherwise, a port is
  likely to discard packets you want it to forward.
- An ACL can have multiple filtering criteria. For example, an ACL can
  filter on a source IP address and a UDP port.
- Because ports, by default, forward all ingress packets, permit ACLs
  are only required in circumstances where you want ports to forward
  packets that are subsets of larger packet flows that are blocked by
  deny ACLs.
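
The first-match ordering and default-forward rules above, modelled in Python as an added example (this is not Allied Telesis code or switch CLI syntax). The ACL names, the addresses, and the simplification that every packet is UDP are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Acl:
    name: str                        # hypothetical label, not a switch ACL ID
    action: str                      # "permit" or "deny"
    src: str                         # source network in CIDR form
    udp_port: Optional[int] = None   # None matches any UDP port

    def matches(self, src_ip: str, udp_port: int) -> bool:
        # Every criterion in one ACL must match (multiple filtering criteria).
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
        return in_net and self.udp_port in (None, udp_port)

def ingress_decision(port_acls, src_ip, udp_port):
    """Return (result, acl_name) for one ingress packet on a port."""
    for acl in port_acls:            # checked in the order the ACLs were added
        if acl.matches(src_ip, udp_port):
            return ("forward" if acl.action == "permit" else "discard", acl.name)
    return ("forward", None)         # default: ports forward all ingress packets

# Constructed policy: block a subnet, but let its UDP port 53 traffic through.
PERMIT_DNS = Acl("permit-dns", "permit", "192.0.2.0/24", udp_port=53)
DENY_SUBNET = Acl("deny-subnet", "deny", "192.0.2.0/24")

GOOD_ORDER = [PERMIT_DNS, DENY_SUBNET]   # permit added before deny
BAD_ORDER = [DENY_SUBNET, PERMIT_DNS]    # deny added first shadows the permit

def shadowed(port_acls, samples):
    """Names of ACLs that never win a first match for the sample packets."""
    hit = {ingress_decision(port_acls, ip, p)[1] for ip, p in samples}
    return [a.name for a in port_acls if a.name not in hit]

# Constructed sample packets: (source IP, UDP destination port).
SAMPLES = [("192.0.2.10", 53), ("192.0.2.10", 161), ("198.51.100.7", 53)]

if __name__ == "__main__":
    for label, acls in (("permit first", GOOD_ORDER), ("deny first", BAD_ORDER)):
        for ip, port in SAMPLES:
            print(label, ip, port, ingress_decision(acls, ip, port))
        print(label, "shadowed ACLs:", shadowed(acls, SAMPLES))
```

With the deny ACL added first, the permit ACL never wins a match, so the traffic it was meant to allow is discarded; a shadowed-ACL check like this is a quick review step before assigning ACLs to a port.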