Planning an ACL application
Before creating and implementing ACLs, you need todefine the policies you want your ACLs to enforce, and understand how the ACL assignments impact your network users.
NOTE:
All IPv4 traffic entering the switch on a given
interface is filtered by all ACLs configured for inbound traffic on
that interface. For this reason, an inbound IPv4 packet is denied
(dropped) if it has a match with either an implicit or explicit deny
in
any of the inbound ACLs applied to the interface. This does not apply
to traffic leaving the switch because only one type of ACL-an RACL-can
be applied, and only to routed IPv4 traffic.
See Multiple ACLs on an interface for more detail.