ACL applications

ACL filtering is applied to IPv4 traffic as follows:
Routed ACL (RACL)

on a VLAN configured with an RACL:

  • Routed IPv4 traffic entering or leaving the switch. (Routing can be between different VLANs or between different subnets in the same VLAN. Routing must be enabled.)

  • Routed IPv4 traffic having a destination address (DA) on the switch itself. In RACL filter applications on routed IPv4 traffic, this is any of the IP addresses shown in VLANs "A", "B", and "C". (Routing need not be enabled.)

  • outbound traffic generated by the switch itself.

VLAN ACL (VACL)

on a VLAN configured with a VACL, inbound IP traffic, regardless of whether it is switched or routed. On a multinet VLAN, this includes inbound IPv4 traffic from any subnet.

Static port ACL

any inbound IPv4 traffic on that port.

RADIUS-assigned ACL

on a port having an ACL assigned by a RADIUS server to filter an authenticated client's traffic, filters inbound IPv4 and IPv6 traffic from that client For information on RADIUS-assigned ACLs, see RADIUS services supported on switches.