ACLs can enhance security by blocking traffic carrying an unauthorized source IPv4 address (SA). This can include:
  • Blocking access from specific devices or interfaces (port or VLAN)

  • Blocking access to or from subnets in your network

  • Blocking access to or from the internet

  • Blocking access to sensitive data storage or restricted equipment

  • Preventing specific IPv4, TCP, UDP, IGMP, and ICMP traffic types, including unauthorized access using functions such as Telnet, SSH, and web browser

You can also enhance switch management security by using ACLs to block IPv4 traffic that has the switch itself as the destination address (DA).


IPv4 ACLs can enhance network security by blocking selected traffic, and can serve as one aspect of maintaining network security. However, because ACLs do not provide user or device authentication, or protection from malicious manipulation of data carried in IP packet transmissions, they should not be relied upon for a complete security solution.


Static IPv4 ACL the switches do not filter non-IPv4 traffic such as IPv6, AppleTalk, and IPX. RADIUS-assigned ACLs assigned by a RADIUS server can be configured on the server to filter both IPv4 and IPv6 traffic, but do not filter non-IP traffic.