05-18-2020 01:50 PM
I ran across this bit of material while learning about port access control lists:
PACLs have a few restrictions that vary from platform to platform. The following are some of the most common restrictions:
• PACLs only support filtering incoming traffic on an interface (no outbound filtering support).
• PACLs cannot filter Layer 2 control packets, such as CDP, VTP, DTP, PAgP, UDLD, and STP.
• PACLs are supported only in hardware.
• PACLs do not support ACLs to filter IPv6, ARP, or Multiprotocol Label Switching (MPLS) traffic.
1. Why don't PACLs support outbound filtering?
2. Why can't PACLs filter layer 2 control packets?
3. Why are PACLs only supported in hardware?
4. Why can't PACLs filter IPv6, ARP, or Multiprotocol Label Switching (MPLS) traffic?
This post is loaded with questions. I greatly appreciate any input that you offer.
Jason
05-18-2020 02:19 PM
The port ACL feature is supported only in hardware; port ACLs are not applied to any packets routed in software.
TCAM is used to create an entry when port ACL is used.
There is no hardware support for output PACLs.
05-19-2020 07:05 AM