Port ACL supports only inbound traffic filtering. A Port ACL can be configured as one of three types of
access list: standard, extended, and MAC-extended.
Processing of the Port ACL is similar to that of the Router ACLs; the switch examines ACLs associated with
features configured on a given interface and permits or denies packet forwarding based on packet-matching
criteria in the ACL.
When applied to a trunk port, the ACL filters traffic on all VLANs present on the trunk port. When applied to a
port with voice VLAN, the ACL filters traffic on both data and voice VLANs.
The main benefit of Port ACL is that it can filter IP traffic (using IP access lists) and non-IP traffic (using MAC
access lists). Both types of filtering can be achieved together; that is, a Layer 2 interface can have both an IP access list
and a MAC access list applied to it at the same time.
Note
Port ACLs are not supported on EtherChannel interfaces.
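The Port ACL behavior described above, shown as an added configuration example that is not part of the original guide: one Layer 2 access port carries both an IP access list and a MAC access list, each applied inbound. The ACL names, interface number, VLAN, and the 192.0.2.0/24 subnet are assumptions chosen for illustration.

```cisco
! Added example. ACL names, interface, VLAN and addresses are assumed values.
!
! IP traffic: allow DHCP client requests and traffic sourced from the
! subnet assigned to this port (192.0.2.0/24, a documentation range);
! everything else from the attached host is dropped.
ip access-list extended PACL-IP-IN
 permit udp any eq bootpc any eq bootps
 permit ip 192.0.2.0 0.0.0.255 any
 deny   ip any any
!
! Non-IP traffic: drop AppleTalk ARP and DECnet Phase IV frames,
! allow all other non-IP frames (for example ARP).
mac access-list extended PACL-MAC-IN
 deny   any any aarp
 deny   any any decnet-iv
 permit any any
!
! A physical Layer 2 port, not an EtherChannel interface.
interface GigabitEthernet1/0/10
 switchport mode access
 switchport access vlan 10
 ! Port ACLs filter inbound traffic only, so both lists are applied with "in".
 ip access-group PACL-IP-IN in
 mac access-group PACL-MAC-IN in
```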
VLAN ACL (VACL)
VLAN ACL (also called VLAN map) provides packet filtering for all types of traffic that are bridged within a VLAN
or routed into or out of the VLAN. Unlike Router ACL, VACL is not defined by a direction (input or output). All
packets entering the VLAN (bridged or routed) are checked against the VACL.