Good morning. I do understand the direction of ACL in/out. Here is the example. I am doing this on a Nexus 1k, where the same rule applies.
ACL in/out direction and interface
When you apply an ACL "in", the router examines all traffic it RECEIVES on the interface against the ACL.
When you apply an ACL "out" on an interface the router examines any traffic attempting to leave that interface against the ACL.
!!!!! This is what I want to do. I would like to allow only traffic from 10.200.213.25 and 10.201.250.0/24 and block all private IP ranges to the port-profile 218vlan !!!!!
(1000v port-profile)
port-profile type vethernet 218Vlan
switchport mode access
switchport access vlan 218
ip port access-group med-02 in
no shutdown
state enabled
vmware port-group
IPV4 ACL med-02
10 permit ip 10.200.213.25/32 any
20 permit ip 10.201.250.0/24 any
30 deny ip 10.0.0.0/8 any
40 deny ip 172.16.0.0/12 any
50 deny ip 192.168.0.0/16 any
60 permit ip any any log
When I applied this access-group, it blocked all traffic including 10.200.213.25. Am I missing something?
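An added example, not part of the original post: a first-match evaluation of the posted med-02 entries, showing which source address the ACL inspects for each direction. It assumes the vEthernet port faces a VM whose address, 10.218.0.10, is constructed for illustration; the function names are hypothetical.

```python
import ipaddress

# Entries of ACL med-02 as posted: (sequence, action, source prefix).
# The destination is "any" on every line, so only the source decides the match.
MED_02 = [
    (10, "permit", "10.200.213.25/32"),
    (20, "permit", "10.201.250.0/24"),
    (30, "deny", "10.0.0.0/8"),
    (40, "deny", "172.16.0.0/12"),
    (50, "deny", "192.168.0.0/16"),
    (60, "permit", "0.0.0.0/0"),  # "permit ip any any log"
]

VM_IP = "10.218.0.10"  # constructed address of the VM behind the port (assumption)


def evaluate(acl, src_ip):
    """Return (sequence, action) of the first entry whose source prefix matches."""
    src = ipaddress.ip_address(src_ip)
    for seq, action, prefix in acl:
        if src in ipaddress.ip_network(prefix):
            return seq, action
    return None, "deny"  # implicit deny that ends every ACL


def inspected_source(direction, vm_ip, peer_ip):
    """Source address of the packets the ACL sees for a VM <-> peer conversation.

    "in"  = packets the switch receives on the port, i.e. sent by the VM.
    "out" = packets leaving the port toward the VM, i.e. sent by the peer.
    """
    if direction == "in":
        return vm_ip
    if direction == "out":
        return peer_ip
    raise ValueError("direction must be 'in' or 'out'")


def verdict(direction, peer_ip, vm_ip=VM_IP, acl=MED_02):
    """First-match result for traffic between the VM and peer_ip."""
    return evaluate(acl, inspected_source(direction, vm_ip, peer_ip))


if __name__ == "__main__":
    for peer in ("10.200.213.25", "10.201.250.7", "10.9.9.9", "198.51.100.20"):
        for direction in ("in", "out"):
            print(f"{direction:>3}  peer={peer:<15} -> {verdict(direction, peer)}")
```

With the constructed VM address, every "in" row matches sequence 30 because the inspected source is the VM itself, while the "out" rows match on the peer's address.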