About filtering inbound traffic with multiple ACLs
When traffic inbound on a port is subject to multiple ACL assignments, and a RADIUS-assigned, user-based ACL is present, this traffic must satisfy the following conditions to be permitted on the switch:
1. Originate with an authenticated client associated with the RADIUS-assigned ACL (if present).
2. Be permitted by the RADIUS-assigned ACL (if present). Includes both IPv4 and IPv6 traffic—unless the ACL is configured to exclude (drop) IPv6 traffic.
3. For IPv4-only traffic, be permitted by connection-rate ACL filtering.
4. Be permitted by a VACL configured on a VLAN to which the port is assigned. IPv4 VACLs and PACLs ignore IPv6 traffic, and IPv6 VACLs and PACLs ignore IPv4 traffic.
5. Be permitted by a PACL assigned to the port.
6. For IPv4 traffic only, be permitted by a RACL assigned inbound to the port, if the traffic is subject to RACL rules.
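
The conditions above, modelled as an added Python example (not vendor code or switch configuration). The `Packet` and `PortPolicy` types, the stage labels and the sample policy are constructed for illustration, and evaluating in the listed order is an assumption; the example shows that every applicable filter must permit and that family-specific ACLs skip traffic of the other IP family.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

@dataclass
class Packet:
    family: int                 # 4 or 6
    src: str
    authenticated: bool = True  # originated with an authenticated client
    racl_applies: bool = False  # traffic is subject to RACL rules

Acl = Callable[[Packet], bool]  # returns True to permit

@dataclass
class PortPolicy:               # None / missing key = filter not configured
    radius_acl: Optional[Acl] = None
    radius_drops_ipv6: bool = False
    conn_rate: Optional[Acl] = None
    vacl: Dict[int, Acl] = field(default_factory=dict)  # keyed by IP family
    pacl: Dict[int, Acl] = field(default_factory=dict)
    racl_in: Optional[Acl] = None

def evaluate(pkt: Packet, pol: PortPolicy) -> Tuple[bool, str]:
    """Return (permitted, stage); stage names the first filter that dropped."""
    v4 = pkt.family == 4
    if pol.radius_acl is not None:
        if not pkt.authenticated:
            return False, "1-unauthenticated"
        if (not v4 and pol.radius_drops_ipv6) or not pol.radius_acl(pkt):
            return False, "2-radius-acl"
    stages = [
        ("3-connection-rate", pol.conn_rate if v4 else None),    # IPv4 only
        ("4-vacl", pol.vacl.get(pkt.family)),                    # same family only
        ("5-pacl", pol.pacl.get(pkt.family)),                    # same family only
        ("6-racl", pol.racl_in if v4 and pkt.racl_applies else None),
    ]
    for name, acl in stages:
        if acl is not None and not acl(pkt):
            return False, name
    return True, "permitted"

# Constructed sample policy: the IPv4 VACL permits only 10.x sources,
# the IPv6 PACL denies everything, the RADIUS ACL permits everything.
policy = PortPolicy(
    radius_acl=lambda p: True,
    vacl={4: lambda p: p.src.startswith("10.")},
    pacl={4: lambda p: True, 6: lambda p: False},
)
```

With this policy an IPv6 packet is never tested against the IPv4 VACL, so it is dropped only when it reaches the IPv6 PACL.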