The ACLs on a port are evaluated in the following order:
- Persistent dynamic ACLs
- Host-integrity permit ACLs
- MAC source address deny ACLs
- Source IP lockdown source IP permit ACLs
- Source IP lockdown deny all ACLs
- ARP validation CPU ACLs
- ACLs created using the CLI
- DoS Protect-installed ACLs
- Sentriant-installed ACLs
- MAC-in-MAC installed ACLs
- ACLs applied with a policy file (see ACLs for precedence among these ACLs)