62 Switch FeaturesDot1x Monitor ModeMonitor mode can be enabled in conjunction with Dot1x authentication toallow network access even when the user fails to authenticate. The switch logsthe results of the authentication process for diagnostic purposes. The mainpurpose of this mode is to help troubleshoot the configuration of a Dot1xauthentication on the switch without affecting the network access to theusers of the switch.For information about enabling the Dot1X Monitor mode, see "ConfiguringPort and System Security" on page 481.MAC-Based Port SecurityThe port security feature limits access on a port to users with specific MACaddresses. These addresses are manually defined or learned on that port.When a frame is seen on a locked port, and the frame source MAC address isnot tied to that port, the protection mechanism is invoked.For information about configuring MAC-based port security, see "ConfiguringPort and System Security" on page 481.Access Control Lists (ACL)Access Control Lists (ACLs) ensure that only authorized users have access tospecific resources while blocking off any unwarranted attempts to reachnetwork resources. ACLs are used to provide traffic flow control, restrictcontents of routing updates, decide which types of traffic are forwarded orblocked, and above all provide security for the network. The switch supportsthe following ACL types:• IPv4 ACLs• IPv6 ACLs• MAC ACLsFor all ACL types, you can apply the ACL rule when the packet enters or exitsthe physical port, LAG, or VLAN interface.For information about configuring ACLs, see "Configuring Access ControlLists" on page 523.