Planning an ACL application

Before creating and implementing ACLs, you need to define the policies you want your ACLs to enforce, and understand how the ACL assignments impact your network users.


All IPv4 traffic entering the switch on a given interface is filtered by all ACLs configured for inbound traffic on that interface. For this reason, an inbound IPv4 packet is denied (dropped) if it matches either an implicit or explicit deny in any of the inbound ACLs applied to the interface. This does not apply to traffic leaving the switch, because only one type of ACL (an RACL) can be applied to outbound traffic, and only to routed IPv4 traffic.

See Multiple ACLs on an interface for more detail.
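
The following is an added example, not code from the switch documentation: a small Python model of the inbound rule described above, useful for checking a planned policy before applying it. It assumes ACEs match on source and destination networks only and are evaluated in order with the first match deciding; the ACL names (ACL-A, ACL-B) and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    action: str   # "permit" or "deny"
    src: str      # source network in CIDR form
    dst: str      # destination network in CIDR form

    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

def evaluate_acl(aces, src_ip, dst_ip):
    """First matching ACE decides; no match falls through to the implicit deny."""
    for index, ace in enumerate(aces):
        if ace.matches(src_ip, dst_ip):
            return ace.action, f"explicit {ace.action} (ACE {index + 1})"
    return "deny", "implicit deny"

def inbound_verdict(acls, src_ip, dst_ip):
    """An inbound packet is forwarded only if every ACL on the interface permits it."""
    for name, aces in acls.items():
        action, reason = evaluate_acl(aces, src_ip, dst_ip)
        if action == "deny":
            return "deny", f"{name}: {reason}"
    return "permit", "permitted by all inbound ACLs"

# Constructed sample: two inbound ACLs applied to the same interface.
ANY = "0.0.0.0/0"
INBOUND_ACLS = {
    "ACL-A": [Ace("deny", "10.1.1.0/24", "10.9.9.0/24"),
              Ace("permit", ANY, ANY)],
    "ACL-B": [Ace("permit", "10.1.0.0/16", ANY)],  # anything else: implicit deny
}

if __name__ == "__main__":
    for src, dst in [("10.1.2.5", "10.9.9.1"),      # permitted by both ACLs
                     ("10.1.1.5", "10.9.9.1"),      # explicit deny in ACL-A
                     ("192.168.1.5", "10.9.9.1")]:  # implicit deny in ACL-B
        print(src, "->", dst, inbound_verdict(INBOUND_ACLS, src, dst))
```

The third sample packet is the case to watch for when planning: ACL-A permits it explicitly, yet it is dropped because ACL-B has no matching permit.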