PrepAway - Latest Free Exam Questions & Answers

Which of these is true regarding the configuration and application of port access control lists?

A. PACLs can be applied in the inbound or outbound direction of a Layer 2 physical interface.

B. At Layer 2, a MAC address PACL will take precedence over any existing Layer 3 PACL.

C. When you apply a port ACL to a trunk port, the ACL filters traffic on all VLANs present on the trunk port.

D. PACLs are not supported on EtherChannel interfaces.

3 Comments on “Which of these is true regarding the configuration and application of port access control lists?”

  1. Han says:

    B, C, and D are all true.

    Port ACLs are supported on physical interfaces only and not on EtherChannel interfaces.

    Port ACLs are applied on interfaces for inbound traffic only.

    When you apply a port ACL to a trunk port, the ACL filters traffic on all VLANs present on the trunk port.

    http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_see/configuration/guide/swacl.html#wp1134573

    For an incoming packet on a physical port, the PACL is applied first. If the packet is permitted by the PACL, the VACL on the ingress VLAN is applied next. If the packet is Layer 3 forwarded and is permitted by the VACL, it is filtered by the Cisco IOS ACL on the same VLAN. The same process happens in reverse in the egress direction. However, there is currently no hardware support for output PACLs.

    http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/vacl.html#wp1102077



