IP Access Control Lists (ACL), Prefix Lists, and Route-maps | 147If a rule is simply appended, existing counters are not affected.For information on MAC ACLs, refer to the Access Control Lists (ACLs) chapter in the FTOS CommandLine Reference Guide.Assign an IP ACL to an InterfaceIngress IP ACLs are supported on platforms: c and sIngress and Egress IP ACL are supported on platform: eTo pass traffic through a configured IP ACL, you must assign that ACL to a physical interface, a portchannel interface, or a VLAN. The IP ACL is applied to all traffic entering a physical or port channelinterface and the traffic is either forwarded or dropped depending on the criteria and actions specified inthe ACL.The same ACL may be applied to different interfaces and that changes its functionality. For example, youcan take ACL "ABCD", and apply it using the in keyword and it becomes an ingress access list. If youapply the same ACL using the out keyword, it becomes an egress access list. If you apply the same ACL tothe loopback interface, it becomes a loopback access list.This chapter covers the following topics:• Configuring Ingress ACLs on page 149• Configuring Egress ACLs on page 149• Configuring ACLs to Loopback on page 151For more information on Layer-3 interfaces, refer to Chapter 13, Interfaces, on page 47.Table 8-2. L2 and L3 ACL Filtering on Switched PacketsL2 ACL Behavior L3 ACL Behavior Decision on Targeted TrafficDeny Deny Denied by L3 ACLDeny Permit Permitted by L3 ACLPermit Deny Denied by L2 ACLPermit Permit Permitted by L2 ACLNote: If an interface is configured as a “vlan-stack access” port, the packets are filtered by anL2 ACL only. The L3 ACL applied to such a port does not affect traffic. That is, existing rulesfor other features (such as trace-list, PBR, and QoS) are applied accordingly to the permittedtraffic.