An ACL is often used with a traffic policy. A traffic policy defines the traffic classifier matching an ACL and a traffic behavior such as permit/deny associated with the traffic classifier.
Action in the ACL Rule | Traffic Behavior in the Traffic Policy | Final Action Taken for Matching Packets |
---|---|---|
permit | permit | permit |
permit | deny | deny |
deny | permit | deny |
deny | deny | deny |
A switch permits packets by default. To reject packets between subnets, define the packets to be rejected in the ACL. If the rule permit command is used, all packets match the rule. If the traffic behavior defines the deny action, all packets are filtered, causing service interruption.
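The following Python model is an added example, not taken from the original page or from any vendor. It applies the table above to sample packets and shows why an unconditional permit rule bound to a deny behavior drops everything, while a rule scoped to the two subnets drops only the traffic between them. The rule tuple format, the first-match ordering, the function names and the addresses are assumptions made for illustration.

```python
import ipaddress

def final_action(rule_action, behavior):
    # Table above: the packet is permitted only when both sides say permit.
    return "permit" if rule_action == behavior == "permit" else "deny"

def matches(rule, src, dst):
    # A rule is (action, src_net, dst_net); None means "any" (assumed format).
    _, src_net, dst_net = rule
    return all(net is None or ipaddress.ip_address(ip) in ipaddress.ip_network(net)
               for net, ip in ((src_net, src), (dst_net, dst)))

def evaluate(rules, behavior, src, dst):
    # Assumption: rules are checked in order and the first match decides.
    for rule in rules:
        if matches(rule, src, dst):
            return final_action(rule[0], behavior)
    return "permit"  # unmatched packets: the switch permits by default

def is_blanket_deny(rules, behavior):
    # Flags the outage case: an unconditional permit rule bound to a deny behavior.
    return behavior == "deny" and any(r == ("permit", None, None) for r in rules)

# Constructed sample data (not from the page).
BROAD = [("permit", None, None)]
SCOPED = [("permit", "10.1.1.0/24", "10.1.2.0/24")]
PACKETS = [("10.1.1.10", "10.1.2.20"),   # between the two subnets
           ("10.1.1.10", "10.1.1.20"),   # inside one subnet
           ("10.1.1.10", "172.16.0.5")]  # to an unrelated network

def audit(rules, behavior):
    # Final action for each sample packet, in PACKETS order.
    return [evaluate(rules, behavior, s, d) for s, d in PACKETS]

if __name__ == "__main__":
    for name, rules in (("broad", BROAD), ("scoped", SCOPED)):
        print(name, audit(rules, "deny"), "blanket deny:", is_blanket_deny(rules, "deny"))
```

Running a check like `is_blanket_deny` against a planned policy before it is applied catches the service-interrupting combination described above.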