584 Configuring Access Control ListsDepending on whether an ingress or egress ACL is applied to a port, when thetraffic enters (ingress) or leaves (egress) a port, the ACL compares the criteriaconfigured in its rules, in list order, to the fields in a packet or frame to checkfor matching conditions. The ACL processes the traffic based on the actionscontained in the rules.ACL rules are processed in list order, from the first to the last rule in the list.If a matching rule is found, the rule action is taken and no subsequent rules inthe list are processed for that packet. Frequently matched rules should beplaced near or at the front of the list. A list must have at least one permitentry or all traffic is denied (dropped).Egress ACLs filter switched traffic only. Packets generated by the switch aresent regardless of any egress ACL deny rules.You can set up ACLs to control traffic at Layer 2, Layer 3, or Layer 4. MACACLs operate on Layer 2. IP ACLs operate on Layers 3 and 4. DellNetworking series switches support both IPv4 and IPv6 ACLs.What Are MAC ACLs?MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect thefollowing fields of a packet:• Source MAC address• Source MAC mask• Destination MAC address• Destination MAC mask• VLAN ID• Class of Service (CoS) (802.1p)• EtherTypeL2 ACLs can apply to one or more interfaces.Multiple access lists can be applied to a single interface; sequence numberdetermines the order of execution.NOTE: The last access group configured is terminated by an implicit deny allrule, which drops any packet not matching a preceding rule.