Introduction
An ACL is a list of one or more Access Control Entries (ACEs), where each ACE consists of a matching criterion and an action (permit or deny). A static ACL applies only to the switch in which it is configured. ACLs operate on assigned interfaces, and offer these traffic filtering options:
- IPv4 traffic inbound on a port.
- IPv4 traffic inbound on a VLAN.
- Routed IPv4 traffic entering or leaving the switch on a VLAN. (Note that ACLs do not screen traffic at the internal point where traffic moves between VLANs or subnets within the switch. See ACL applications.)
| Interface | ACL Application | Application Point | Filter Action |
|---|---|---|---|
| Port | Static Port ACL (switch configured) | inbound on the switch | inbound IPv4 traffic |
| VLAN | VACL | entering the switch on the VLAN | inbound IPv4 traffic |
NOTE:
After you assign an IPv4 ACL to an interface, the default action on the interface is to implicitly deny IPv4 traffic that is not specifically permitted by the ACL. (This applies only in the direction of traffic flow filtered by the ACL.)
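The implicit deny described in the note, modeled as an added Python example (not code from the switch or its documentation). The `ACE` class, the `evaluate` and `check` functions, the sample addresses, and the in-order, first-match evaluation of ACEs are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class ACE:
    action: str  # "permit" or "deny"
    src: str     # source network in CIDR form
    dst: str     # destination network in CIDR form

    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

def evaluate(acl, src_ip, dst_ip):
    """Return (action, reason) for one IPv4 packet checked against an ACL.

    acl is None when no ACL is assigned: nothing is filtered. Otherwise ACEs
    are checked in order (assumed first match wins), and a packet matching
    none of them is dropped by the implicit deny.
    """
    if acl is None:
        return "permit", "no ACL assigned"
    for index, ace in enumerate(acl, start=1):
        if ace.matches(src_ip, dst_ip):
            return ace.action, f"ACE {index}"
    return "deny", "implicit deny"

def check(interface_acls, direction, src_ip, dst_ip):
    """Implicit deny applies only in a direction that has an ACL assigned."""
    return evaluate(interface_acls.get(direction), src_ip, dst_ip)

ANY = "0.0.0.0/0"
# Constructed sample: the intent is to block a single host on the VLAN.
BLOCK_ONE_HOST = [ACE("deny", "10.10.20.66/32", ANY)]
# Same intent with an explicit final permit so other traffic still passes.
BLOCK_ONE_HOST_FIXED = BLOCK_ONE_HOST + [ACE("permit", ANY, ANY)]

if __name__ == "__main__":
    vlan = {"in": BLOCK_ONE_HOST}  # ACL assigned inbound only
    for direction in ("in", "out"):
        print(direction, check(vlan, direction, "10.10.20.7", "10.10.30.5"))
    print("fixed", evaluate(BLOCK_ONE_HOST_FIXED, "10.10.20.7", "10.10.30.5"))
```

An ACL holding only a deny entry blocks every other IPv4 packet in the filtered direction, which is why the corrected list ends with an explicit permit.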