
Port Access Control Lists (PACL)

A Port Access Control List (PACL) is configured with the same syntax as any other access control list. The difference is that PACLs also support filtering by MAC address, which uses a different CLI syntax.

PACLs filter incoming traffic only; outbound filtering is not supported.

PACLs cannot filter control packets such as CDP, VTP, DTP, PAgP, UDLD, and STP.

PACLs are supported only in hardware.

PACLs do not support ACLs that filter IPv6, ARP, or MPLS traffic.

ip access-list extended PortACL
 deny tcp any any eq 23
 deny icmp any any
 permit ip any any
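
The following is an added example, not part of the original page. It shows the IP ACL above and a MAC-based ACL both applied inbound to a Layer 2 switch port. The interface number, the ACL name PortMAC, and the MAC address are constructed placeholders.

```cisco
! Added example (constructed values): interface, PortMAC and the MAC address are placeholders.
!
! IP ACL from this page
ip access-list extended PortACL
 deny tcp any any eq 23
 deny icmp any any
 permit ip any any
!
! MAC-based ACL: defined with "mac access-list extended" instead of "ip access-list"
mac access-list extended PortMAC
 permit host 0000.5e00.5301 any
 ! explicit form of the implicit deny at the end of every ACL
 deny any any
!
interface GigabitEthernet1/0/10
 switchport
 switchport mode access
 ! IP PACL: applied with "ip access-group", inbound only
 ip access-group PortACL in
 ! MAC PACL: applied with "mac access-group", inbound only
 mac access-group PortMAC in
!
! Verification from privileged EXEC:
!  show access-lists
!  show running-config interface GigabitEthernet1/0/10
!  show mac access-group interface GigabitEthernet1/0/10
```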
