About filtering inbound traffic with multiple ACLS

When traffic inbound on a port is subject to multiple ACL assignments, and a RADIUS-assigned, user-based ACL is present, this traffic must satisfy the following conditions to be permitted on the switch:

1

Originate with an authenticated client associated with the RADIUS-assigned ACL (if present).

2

Be permitted by the RADIUS-assigned ACL (if present). Includes both IPv4 and IPv6 traffic—unless the ACL is configured to exclude (drop) IPv6 traffic.

3

For IPv4-only traffic, be permitted by connection-rate ACL filtering.

4

Be permitted by a VACL configured on a VLAN to which the port is assigned.IPv4 VACLs and PACLs ignore IPv6 traffic, and the reverse.

5

Be permitted by a PACL assigned to the port.

6

For IPv4 traffic only, be permitted by a RACL assigned inbound to the port, if the traffic is subject to RACL rules. Be permitted by a RACL assigned inbound to the port, if the traffic is subject to RACL rules.