I suppose this question could've gone in just about any area since it's dealing with an object/entity that almost invariably exists in all IOS configurations, but I figured here is the most likely place.
1) What is the order of operation and priority used for the software's evaluation of an ACL?
a) Top down or best match? I believe that part is easy.
b) However, what is a better match: an IP address or a port? Obviously a whole socket would be better than either. And I'd prefer to know the entire order of operation and precedence used for ACLs if possible.
There are more IPs than ports in the subsets, so I could infer that ports would be more specific, but I'm unsure, and since I've crossed a point where I've forgotten more than I know (presented with more than twice as much knowledge as I can retain), I don't remember way back to my first Cisco class in the '90s, which is where I was probably presented with the answer.
So my core question: what results in a hit, given an ACL where both exist without additional factors: port or IP? Does the order matter?
Thanks in advance,