Introduction

An ACL is a list of one or more Access Control Entries (ACEs), where each ACE consists of a matching criteria and an action (permit or deny). A static ACL applies only to the switch in which it is configured. ACLs operate on assigned interfaces, and offer these traffic filtering options:

IPv4 traffic inbound on a port.

The following table lists the range of interface options:

Interface	ACL Application	Application Point	Filter Action
Port	Static Port ACL (switch configured)Dynamic Port ACL	inbound on the switchinbound on the switch port used by authenticated client	inbound IPv4 trafficinbound IPv4 traffic from the authenticated client
VLAN	VACL	entering the switch on the VLAN	inbound IPv4 traffic

NOTE:

After you assign an IPv4 ACL to an interface, the default action on the interface is to implicitly deny IPv4 traffic that is not specifically permitted by the ACL. (This applies only in the direction of traffic flow filtered by the ACL.)