Filter
Top Products
Chapter 73: Advanced Access Control Lists (ACLs)
1168
Guidelines Here are the ACL guidelines:
An ACL can have a permit, deny, or copy-to-mirror action. The
permit action allows ports to forward ingress packets of the
designated traffic flow while the deny action causes ports to
discard packets. The copy-to-mirror action causes a port to copy
all ingress packets that match the ACL to the destination port of the
mirror port.
A port can have more than one ACL.
An ACL can be assigned to more than one port.
You can only assign the same ACL to the same port one time.
ACLs filter ingress packets on ports, but they do not filter egress
packets. As a result, you must apply ACLs to the ingress ports of
the designated traffic flows.
ACLs for static port trunks or LACP trunks must be assigned to the
individual ports of the trunks.
Because ports, by default, forward all ingress packets, permit
ACLs are only required in circumstances where you want ports to
forward packets that are subsets of larger packet flows that are
blocked by deny ACLs.
A port that has more than one ACL checks the ingress packets in
the order in which the ACLs are added, and forwards or discards
packets at the first match. As a result, if a port has both permit and
deny ACLs, add the permit ACLs before the deny ACLs.
Otherwise, a port is likely to discard packets you want it to forward.
Ports can have ACLs with different filtering criteria. For example, a
port may have ACLs that filter on a source IP address and a UDP
port.