350-401 · Question #637
Which type of ACL can be applied only to Layer 2 pods?
The correct answer is A. port ACLs. The question asks to identify an Access Control List (ACL) type specifically designed for application at Layer 2 interfaces.
Question
Options
- Aport ACLs
- Breflexive ACLs
- Creflexive ACLs
- Ddynamic ACLs
- EVLAN ACLs
How the community answered
(49 responses)- A94% (46)
- B4% (2)
- C2% (1)
Why each option
The question asks to identify an Access Control List (ACL) type specifically designed for application at Layer 2 interfaces.
Port ACLs (PACLs) are specifically designed to filter traffic at Layer 2 interfaces (physical switch ports) before any Layer 3 routing or VLAN processing occurs, applying policies directly to individual switch ports.
Reflexive ACLs are used in Layer 3 contexts to permit return traffic for specific outbound sessions, creating temporary entries in the access list.
This is a duplicate of B, and thus also incorrect.
Dynamic ACLs are used for remote access where users authenticate to a server to temporarily open a firewall port, which is a Layer 3 security feature.
VLAN ACLs (VACLs) are applied to VLANs and operate on traffic bridged within or routed between VLANs, typically after Layer 2 processing but not directly at the physical port like PACLs.
Concept tested: Port Access Control Lists (PACLs)
Source: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-2_6_e/config_guide/b_2960x_15_2_6_e_config_guide/b_2960x_15_2_6_e_config_guide_chapter_0100.html
Topics
Community Discussion
No community discussion yet for this question.