Port ACL (PACL) Restrictions and Design Considerations


A **Port ACL (PACL)** is a special kind of [Access Control List (ACL)](/access-list-acl) that is applied to a [Layer 2](/osi-model) switch port to filter incoming traffic before it is forwarded based on [MAC](/mac-address) or [IP addresses](/ipv4).

## Key Characteristics of PACLs:

1. **Applied to Physical Layer 2 Ports** – PACLs are configured on switchports rather than routed Layer 3 interfaces.
2. **Can Filter Based on IP or MAC Addresses** – Unlike [VLAN Access Lists](https://networklessons.com/security/vlan-access-list-vacl) (VACLs), which apply to all traffic in a [VLAN](/vlan), PACLs filter traffic entering a specific port.
3. **Ingress-Only Filtering** – PACLs are applied to incoming traffic; they do not filter traffic exiting the port.
4. **Support for Standard, Extended, and MAC ACLs** – Depending on the use case, the platform, and the IOS version, PACLs can be configured with:
    - **IP ACLs** (standard/extended) to filter based on IP addresses, protocols, and [ports](/transport-layer-port-number).
    - **MAC ACLs** to filter based on source and destination MAC addresses.

Depending on the platform and IOS version, [PACLs have specific restrictions](/port-acl-pacl-restrictions-and-design-considerations) that should be taken into account.

## Links

https://networklessons.com/cisco/ccie-routing-switching-written/ipv6-pacl-port-acl

Port Access Control Lists (PACLs)

OSPFv3 communication between routers and next hop addresses

OSPFv3 instance ID

Offset-list

PAT (overloading) maximum number of translations per inside global address

PAgP

PBR - Policy Based Routing

PBR - Transport Layer port number

PBR - load balancing

PBR - matching prefix lists

PBR - route-map and ACL deny statements not supported

PBR - set interface command

PBR next hop recursive

PBR next hop verify availability

PBR next-hop and default next-hop

PPPoE

PSTN

PTP - Best Master Clock Algorithm

PTP - Clock Types

PTP - Interface Roles

PTP - Offset and Delay times

Passive interface

Physical layer - Copper medium

Physical layer - Optical fiber medium

Physical layer - Wireless medium

Physical layer - encoding

Physical layer - media

Physical layer - modem

Physical layer - modulation

Physical layer Carrier Wave

Ping - Specify ToS

Ping - common reasons for failure

Ping - debug commands

Ping - extended feature

Ping - possible ping responses

Ping - specifying size

Ping - sweep range of sizes

Ping - troubleshooting concepts

Ping

PoE - Understanding Maximum Power

PoE Passive

PoE Standards-based

PoE over Gigabit Ethernet

PoE power sourcing equipment (PSE)

PoE powered device (PD)

PoE what is it

Point-to-Point Protocol (PPP)

Policy Based Routing acts on incoming traffic

Policy NAT (Conditional NAT) Use Cases

Prefix Lists - Operators

Prefix Lists

Private VLANs - non-operational type

Private VLANs and Trunks

Private WAN

Protocol Data Unit (PDU)

Protocol Independent Multicast (PIM)

Protocols with LFA support

Proxy ARP Best Practices

Pseudowire

Public Key Certificate

Public vs Private AS with multiple ISPs

Python - Parsing output of show commands

Python - Performing Tasks Concurrently

Python - viewing code using trinket.io

Python Paramiko SSH

Python stdin, stdout, stderr

QOS - Multilayer Switch QoS (MLS)

QoS - Assured Forwarding PHB values

QoS - Bc and Be bucket sizes

QoS - Classification by IP

QoS - CoS to DSCP and DSCP to CoS mapping

QoS - Hierarchical QoS

QoS - Jitter

QoS - LLQ applied only outbound

QoS - LLQ bandwidth configuration

QoS - LLQ priority commands

QoS - Nested policy maps

QoS - Policing command syntax

QoS - RSVP bandwidth and flow reservations

QoS - Recommended router images for QoS labs in GNS3

QoS - Tail Drop

QoS - Using CBWFQ with traffic shaping

QoS - WRED traffic profile thresholds

QoS - applying policies

QoS - auto qos trust

QoS - classification

QoS - effects of bandwidth interface command

QoS - is WRED really a congestion avoidance mechanism

QoS - key and nonkey fields

QoS - marking

QoS CBWFQ traffic allocation when there are empty queues

QoS CBWFQ

QoS CoS vs DSCP

QoS Groups Example

QoS Groups

QoS Hardware Queue vs Software Queue

QoS Hierarchical Queuing Framework (HQF)

QoS Impact of Priority Queue on Class-Default Traffic

QoS Mechanism Triggers

Port Access Control Lists (PACLs)

Key Characteristics of PACLs:

Links

Links to this page: