Evaluation Precedence for ACLs

The ACLs on a port are evaluated in the following order:
  • Persistent dynamic ACLs
  • Host-integrity permit ACLs
  • MAC source address deny ACLs
  • Source IP lockdown source IP permit ACLs
  • Source IP lockdown deny all ACLs
  • ARP validation CPU ACLs
  • ACLs created using the CLI
  • DoS Protect-installed ACLs
  • MAC-in-MAC installed ACLs
  • ACLs applied with a policy file (see ACLs for precedence among these ACLs)