Why does an outbound ACL not take effect on broadcast and unknown unicast traffic?
When you apply an ACL on a port of a service board, the inbound direction works as expected, but the outbound direction behaves differently for broadcast and unknown unicast frames. Take the following configuration as an example:
MA5600T(config-acl-link-4000)# rule 1 deny source 1234-5678-1234 ffff-ffff-ffff
MA5600T(config)#packet-filter outbound link-group 4000 rule 1 port 0/5/0
Although ACL 4000 rule 1 is activated on port 0/5/0 in the outbound direction, the rule is in fact also activated in the inbound direction on every other ingress port (all ports except 0/5/0), and an extra match field is added on those ports to realise the filtering. In other words, each of those ingress ports classifies traffic by two fields: "the rule defined in ACL 4000" and "the ID of the egress port on which ACL 4000 was activated". If inbound traffic on one of those ingress ports matches both fields, the action of the ACL 4000 packet-filter (deny) is executed.

For this reason, even though the rule is activated on the egress port and the other ingress ports carry the same rule, broadcast and unknown unicast frames have no forwarding entry in the LSW (the switching chip), so the LSW does not know which egress port they will be sent to. Such a frame can only match the first field, "the rule defined in ACL 4000", but never the second, "the ID of the egress port on which ACL 4000 was activated". As a result, an outbound ACL on a port does not take effect on broadcast and unknown unicast traffic.
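To make the mechanism concrete, here is a small Python model of the behaviour described above (an added example, not Huawei code; the port names, MAC addresses and the flooding logic are constructed assumptions): the outbound packet-filter is installed as an inbound check on every other port that needs both the rule match and the resolved egress-port ID, so frames without a forwarding entry are flooded unfiltered.

```python
from dataclasses import dataclass, field

BROADCAST = "ffff-ffff-ffff"
DENIED_SRC = "1234-5678-1234"   # the source MAC denied by ACL 4000 rule 1

@dataclass
class Frame:
    src: str      # source MAC
    dst: str      # destination MAC
    ingress: str  # port the frame arrived on, e.g. "0/1/0"

@dataclass
class Lsw:
    ports: list
    mac_table: dict = field(default_factory=dict)      # dst MAC -> egress port (forwarding entries)
    outbound_deny: list = field(default_factory=list)  # (denied src MAC, egress port)

    def packet_filter_outbound(self, deny_src, egress_port):
        # 'packet-filter outbound ... port X' becomes a rule that the other
        # ingress ports evaluate together with the egress-port ID field.
        self.outbound_deny.append((deny_src, egress_port))

    def inbound_match(self, frame, resolved_egress):
        # Drop only if BOTH fields match: the ACL rule and the egress-port ID.
        # The rule is present on every ingress port except the egress port itself.
        return any(frame.ingress != port and frame.src == deny_src and resolved_egress == port
                   for deny_src, port in self.outbound_deny)

    def forward(self, frame):
        """Return the set of ports the frame is delivered to."""
        self.mac_table[frame.src] = frame.ingress  # source MAC learning
        egress = None if frame.dst == BROADCAST else self.mac_table.get(frame.dst)
        if self.inbound_match(frame, egress):
            return set()
        if egress is None:
            # Broadcast / unknown unicast: no forwarding entry, so the egress-port field
            # is unresolved at ingress, the deny never matches, and the frame is flooded.
            return {p for p in self.ports if p != frame.ingress}
        return {egress}

def demo():
    lsw = Lsw(ports=["0/1/0", "0/2/0", "0/5/0"])
    lsw.mac_table["aaaa-bbbb-cccc"] = "0/5/0"  # known host behind port 0/5/0
    lsw.packet_filter_outbound(DENIED_SRC, "0/5/0")
    return {
        "known_unicast": lsw.forward(Frame(DENIED_SRC, "aaaa-bbbb-cccc", "0/1/0")),
        "broadcast": lsw.forward(Frame(DENIED_SRC, BROADCAST, "0/1/0")),
        "unknown_unicast": lsw.forward(Frame(DENIED_SRC, "dddd-eeee-ffff", "0/1/0")),
        "other_src": lsw.forward(Frame("0000-1111-2222", "aaaa-bbbb-cccc", "0/2/0")),
    }
```

Running `demo()` shows the known-unicast frame from the denied MAC being dropped before reaching 0/5/0, while the broadcast and unknown-unicast frames from the same MAC are still flooded out of 0/5/0.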