The security ACL configuration mode for an interface.
Setting this variable to the value port(1) will cause the
packets (L3 forwarded packets and L2 packets) arriving at that
interface to be filtered based on the ACL mapped to that
interface.
Setting this variable to the value vlan(2) will cause the
packets (L3 forwarded packets and L2 packets) arriving at that
access interface to be filtered based on two ACL(the router's
ACL and the ACL of the VLAN to which the interface belongs).
If it is a trunking interface, the vlan-tag packets will be
filtered based on the ACL of the tag-vlan.
Setting this variable to the value merge(3) will merge the
physical interface ACL, the VLAN ACL and the router ACL
together to emulate the logical serial model shown below.
L3 only
Port ACL -> VLAN ACL -> Router ACL -> Router ACL -> VLAN ACL
physical ingress ingress egress egress
interface