Which of these is true regarding the configuration and application of port access control lists?

A. PACLs can be applied in the inbound or outbound direction of a Layer 2 physical interface.

B. At Layer 2, a MAC address PACL will take precedence over any existing Layer 3 PACL.

C. When you apply a port ACL to a trunk port, the ACL filters traffic on all VLANs present on the trunk port.

D. PACLs are not supported on EtherChannel interfaces.




Han

B, C, and D are all true.

Port ACLs are supported on physical interfaces only and not on EtherChannel interfaces.

Port ACLs are applied on interfaces for inbound traffic only.

When you apply a port ACL to a trunk port, the ACL filters traffic on all VLANs present on the trunk port.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_see/configuration/guide/swacl.html#wp1134573

For an incoming packet on a physical port, the PACL is applied first. If the packet is permitted by the PACL, the VACL on the ingress VLAN is applied next. If the packet is Layer 3 forwarded and is permitted by the VACL, it is filtered by the Cisco IOS ACL on the same VLAN. The same process happens in reverse in the egress direction. However, there is currently no hardware support for output PACLs.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/vacl.html#wp1102077

Juan

I think B is incorrect:
If we type: At Layer 2, a MAC address PACL will take precedence over any existing VACL, then B would be correct.
I think C and D are correct.