We're trying to block all SNMP, NTP and BGP access to a particular SVI. However, when using the ACL config below, only traffic through the SVI is blocked, not the traffic directly destined towards it.
So SVI VLAN901 is still responding on BGP, NTP and SNMP requests.
Any ideas how to deny traffic destined to an SVI itself?
Platform used: N9K-C93180YC-FX3
interface Vlan901
ip access-group filter_vlan901 in
ip access-group filter_vlan901 out
ip access-list filter_vlan901
10 deny tcp any any eq bgp
11 deny udp any any eq ntp
12 deny tcp any any eq 161
99 permit ip any any
Thanks a lot,
Laurent