
ACL is not working

Shivu b

Hello Members,


I did configure the following ACL on a switch to allow the host network and deny the remaining network traffic, but the ACL is not working and I can still ping the rest of the devices in the particular VLAN.


Can someone correct the ACL list?


access-list 101 permit ip host
access-list 101 permit ip host
access-list 101 deny ip any






In which direction did you apply the ACL?

Does it need to be specified separately for outbound?

ACL for which VLAN?
- VLAN for Host: the ACL direction must be IN
- VLAN for 10.132.x.x: the ACL direction must be OUT



Let's assume VLAN 54 is the source network; try the below:


interface Vlan54
ip address
ip access-group 101 out

paul driver
VIP Expert


As @MHM Cisco World stated, the direction of the ACL is required.

Looking at your acl the source is ( Vlan X =, host

So the ACL direction applied to Vlan X should be = IN


Vlan X
ip address 10.132.54.X
ip access-group 101 IN


VLAN ACL logic
traffic originating from within the VLAN = IN
traffic towards the VLAN = OUT

[Image: SVI Directions]


kind regards

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards

Shivu b

Hello All,


Thanks for your reply. Unfortunately, none of the solutions works. 




Odd, as it is a fairly simple access list. Can you post the full running configuration of your switch?

The only thing that would make this ACL not work after adding IN/OUT is that the L3 forwarding is done not on the VLAN interface but on a router or FW connected to these VLANs, and the hosts use it as GW.
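
An added example, not part of any reply in this thread: a small Python model of the IN/OUT rule paul driver describes for an ACL bound to a VLAN interface, and of the case in the last reply where routing happens on another device. The addresses, the /24 mask, and the function names are constructed for illustration, because the ACL lines in the thread were posted without addresses.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# Constructed entries in the shape of ACL 101: (action, src, src_wc, dst, dst_wc).
ANY = ("0.0.0.0", "255.255.255.255")
ACL_101 = [
    ("permit", "10.132.54.10", "0.0.0.0", "10.132.10.0", "0.0.0.255"),
    ("permit", "10.132.54.11", "0.0.0.0", "10.132.10.0", "0.0.0.255"),
    ("deny", *ANY, *ANY),
]

def acl_action(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s, s_wc, d, d_wc in acl:
        if wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc):
            return action
    return "deny"

def svi_verdict(svi_net, acl, direction, src, dst, routed_on_svi=True):
    """What an ACL bound to one SVI does to a packet, or 'not evaluated'."""
    if not routed_on_svi:
        # Gateway is a router/firewall elsewhere: the SVI never routes the packet.
        return "not evaluated"
    net = ipaddress.ip_network(svi_net)
    src_in = ipaddress.ip_address(src) in net
    dst_in = ipaddress.ip_address(dst) in net
    # IN = traffic originating within the VLAN; OUT = traffic towards the VLAN.
    if direction == "in" and src_in and not dst_in:
        return acl_action(acl, src, dst)
    if direction == "out" and dst_in and not src_in:
        return acl_action(acl, src, dst)
    # Same-VLAN traffic is switched, not routed, so it does not cross the SVI.
    return "not evaluated"

if __name__ == "__main__":
    vlan54 = "10.132.54.0/24"
    for direction in ("in", "out"):
        for src in ("10.132.54.10", "10.132.54.99"):
            print(direction, src, svi_verdict(vlan54, ACL_101, direction, src, "10.132.10.5"))
    print("gateway elsewhere:",
          svi_verdict(vlan54, ACL_101, "in", "10.132.54.99", "10.132.10.5", routed_on_svi=False))
```

With the list bound OUT on the source VLAN, packets leaving that VLAN are never compared against it, which looks the same from a host as an ACL that is "not working".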
