Hi Flavio, yes ping is good,

And SSH session is closed with no problem?

I just trying to make sure that the problem is not something else.

HI thanks BB

the source and dest,

source 10.224.61.186   destination 10.224.32.19 eq 22

Which direction or source located, based on that ACL should IN or OUT.

the direction is IN

the source try to connect thru SSh to the destination

I notice that G0/39 is an access port in vlan 40. Could you post the configuration of interface vlan 40? This would help us understand the issue better. 

I am surprised that the access-group is applied on G0/39. I would have expected it to be applied on the vlan 40 interface. What happens if you assign the acl to the vlan interface rather than the access port?

Thanks Richard,

let me get it...

Hi Richard, here is the vlan configuration:

interface Vlan40
no ip address
no ip route-cache
no ip mroute-cache

if I apply the ACL  in the VLAN interface how the traffic is impact?

Need some clarification :

So the IP belong to VLAN 40 - 10.224.61.186?

is this device connected to  - interface GigabitEthernet0/39 and intiating SSH connection to 10.224.32.19 eq 22

with out ACL - ip access-group dev01-access in  - is the SSH works ?

BB,

answering your questions:

10.224.61.186 no do not belong to vlan 40

without the ACL,... SSH works, the goal we just want to limit traffic host to host only via SSH. the rest of traffic drop or deny.

If the IP not belong to VLAN 40 and you do not have any config in VLAN 40 interface ?

10.224.61.186 - where is IP connected host on what port ? what VLAN it belong to.

10.224.32.19  - where is this device connected ? what VLAN it belong to ?

can you post show run complete or some network picture for us to understand your network. since the informaiton you have provide not helping us to determine the problem.

BB,

 Unfortunately I can not post configuration here, both server are in the same subnet range and VLAN 40.