Multiple ACL assignments on an interface

The switch simultaneously supports IPv6, IPv4, and RADIUS-assigned ACLs on the same interface (subject to internal resource availability.) This means that traffic on a port belonging to a given VLAN "X" can simultaneously be subject to all of the ACLs listed in this table:

Table 13: Per-interface multiple ACL assignments

ACL type

ACL application

RADIUS-assigned (dynamic) ACLs

One port-based ACL (for first client to authenticate on the port) or up to 32 user-based ACLs (one per authenticated client)
NOTE:

If one or more user-based RADIUS-assigned ACLs are assigned to a port, the only traffic allowed inbound on the port is from authenticated clients.

IPv6 static ACLs

One static VACL for IPv6 traffic for VLAN "X" entering or leaving the switch through the port.One static port ACL for IPv6 traffic entering or leaving the switch on the port.One inbound and one outbound RACL filtering routed IPv6 traffic moving through the port for VLAN "X." (Also applies to inbound, switched traffic on VLAN "X" that has a destination on the switch itself.)

IPv4 static ACLs

One static VACL for IPv4 traffic for VLAN "X" entering or leaving the switch through the port. One static port ACL for any IPv4 traffic entering or leaving the switch on the port.One connection-rate ACL for inbound IPv4 traffic for VLAN "X" on the port (if the port is configured for connection-rate filtering).One inbound and one outbound RACL filtering routed IPv4 traffic moving through the port for VLAN "X". (Also applies to inbound, switched traffic on VLAN "X" that has a destination on the switch itself.)