I have configured access-lists on catalyst 6509 switch; however it's misbehaving when access allowed for specific ports. Please check the following example
interface vlan 10
ip address 172.16.100.1 255.255.255.0
ip access-group work in
ip access-list extended work
permit tcp 172.16.100.0 0.0.0.255 host 172.17.50.10 eq 3389
deny ip any any
I still can't do remote access to 172.17.50.10 using above access-lists. However it works fine using below access-list (all TCP ports allowed).
ip access-list extended work
permit tcp 172.16.100.0 0.0.0.255 host 172.17.50.10
deny ip any any
Please suggest.