A session is computed based on the following:
• Source IP address
• Destination IP address
• Source Port
• Destination Port
• ICMP identifier
• Incoming interface index
• IP Protocol
NOTE: Port and Router ACLs can be applied only in the inbound direction. WLAN ACLs can be applied in both the inbound and outbound directions.
Each session has a default idle
The default idle
• ICMP and UDP sessions: 30 seconds
• TCP sessions: 2 hours
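The session key and idle defaults listed above can be modeled as a small session table. This is an added example, not code from the switch or its vendor. It assumes that a session idle longer than its default is dropped from the table and that unused key fields (ports for ICMP, the ICMP identifier for TCP/UDP) are zero. The names SessionKey and SessionTable and the sample packets are hypothetical.

```python
from dataclasses import dataclass

# Idle defaults from the list above, in seconds. Treating them as the point
# at which an idle session is removed is an assumption of this example.
IDLE_DEFAULTS = {"icmp": 30, "udp": 30, "tcp": 2 * 60 * 60}

@dataclass(frozen=True)
class SessionKey:
    """The seven fields the page lists as defining a session."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    icmp_id: int
    in_ifindex: int
    protocol: str

def session_key(pkt):
    # Assumption: fields that do not apply to the protocol are set to 0.
    return SessionKey(pkt["src_ip"], pkt["dst_ip"],
                      pkt.get("src_port", 0), pkt.get("dst_port", 0),
                      pkt.get("icmp_id", 0), pkt["in_ifindex"], pkt["protocol"])

class SessionTable:
    def __init__(self):
        self.last_seen = {}  # SessionKey -> time of last packet (seconds)

    def expire(self, now):
        """Drop sessions idle longer than their protocol default."""
        stale = [k for k, t in self.last_seen.items()
                 if now - t > IDLE_DEFAULTS[k.protocol]]
        for k in stale:
            del self.last_seen[k]
        return len(stale)

    def observe(self, pkt, now):
        """Return 'new' or 'existing', then refresh the session's idle timer."""
        self.expire(now)
        key = session_key(pkt)
        state = "existing" if key in self.last_seen else "new"
        self.last_seen[key] = now
        return state

# Constructed sample packets (documentation address ranges).
UDP_PKT = {"src_ip": "192.0.2.10", "dst_ip": "198.51.100.5", "src_port": 40000,
           "dst_port": 53, "in_ifindex": 1, "protocol": "udp"}
TCP_PKT = {"src_ip": "192.0.2.10", "dst_ip": "198.51.100.5", "src_port": 40001,
           "dst_port": 443, "in_ifindex": 1, "protocol": "tcp"}
PING_PKT = {"src_ip": "192.0.2.10", "dst_ip": "198.51.100.5", "icmp_id": 7,
            "in_ifindex": 1, "protocol": "icmp"}
```

Because the incoming interface index is part of the key, the same five-tuple arriving on a different interface is tracked as a separate session.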
6.5.1.2 Port ACLs
The switch supports Port ACLs on physical interfaces and inbound traffic only. The following Port ACLs are supported:
• Standard IP
• Extended IP
• MAC Extended ACL: Uses source and destination MAC addresses and VLAN ID. It can optionally also use Ethertype information.
Unlike Router ACLs, Port ACLs are not stateful. The switch therefore matches every packet against the configured ACL rules and takes the action those rules define. When a Port ACL is applied to a trunk port, the ACL filters traffic on all VLANs present on the trunk port. With Port ACLs, you can filter:
• IP traffic by using IP ACL
•
Both IP and
You cannot apply more than one IP ACL and one MAC ACL to a Layer 2 interface. If an IP ACL or MAC ACL is already configured on a Layer 2 interface and a new IP ACL or MAC ACL is applied to the interface, the new ACL replaces the previously configured one.