01-31-2011 05:34 AM - edited 03-06-2019 03:16 PM
Hello,
I was tasked to filter traffic on my network which consists of the following:
2 x Distros and a bunch of access switches.
I'm running HSRP on my VLANs, which works great, but I have to filter outbound traffic from accessing certain things. For example, I would allow my local network to talk to another network and then deny any any. The issue occurs when I apply my VLAN access-map to a particular VLAN. For whatever reason, HSRP stops working and both SVIs on the two distros become active. I've tried VLAN access maps and I've tried applying the ACL directly to the SVI, with the same results.
My config looks like the following:
SW1
int vlan 10
ip add 192.168.1.2 255.255.255.0
standby 10 ip 192.168.1.1
standby 10 preempt
standby 10 priority 110
ip access-list extended vlan_filter
permit ip 192.168.1.0 0.0.0.255 172.16.0.0 0.0.255.255
permit ip 192.168.1.0 0.0.0.255 10.1.10.0 0.0.0.255
deny ip any any
vlan access-map Filter
match ip address vlan_filter
action forward
vlan filter Filter vlan-list 10
SW2
int vlan 10
ip add 192.168.1.3 255.255.255.0
standby 10 ip 192.168.1.1
standby 10 preempt
ip access-list extended vlan_filter
permit ip 192.168.1.0 0.0.0.255 172.16.0.0 0.0.255.255
permit ip 192.168.1.0 0.0.0.255 10.1.10.0 0.0.0.255
deny ip any any
vlan access-map Filter
match ip address vlan_filter
action forward
vlan filter Filter vlan-list 10
When I applied that config to both switches, HSRP didn't work at all. If anyone has any suggestions, please let me know.
Thanks in advance
01-31-2011 05:39 AM
Hi,
It seems that the HSRP hellos are being blocked by the ACLs. HSRP hellos are sent on multicast address 224.0.0.2 and seem to be blocked by the deny statement in the ACL.
Try adding "permit ip any 224.0.0.2 0.0.0.0" as a statement in the ACL applied on the SVI to permit hellos between the HSRP peers.
Hope this helps,
Shashank
Please rate if you found the content useful
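The quickest way to confirm the diagnosis above before touching the switches is to evaluate the ACL the way IOS does: first match wins, and every extended ACL ends in an implicit deny ip any any. The script below is an added example written for this page, not code from the thread. It parses a small subset of IOS extended-ACL syntax (permit/deny, protocol ip or udp, any / host / network-plus-wildcard addresses, optional eq PORT) and asks what happens to an HSRP hello sourced from the peer SVI address in the post (192.168.1.3). It goes one step beyond the accepted answer: HSRPv1 hellos go to 224.0.0.2 and HSRPv2 hellos (standby version 2) go to 224.0.0.102, both UDP port 1985, so the check is run for both groups. The ACL text, the peer address and the HSRPv2 detail are assumptions and facts supplied here, not taken from the original post.

```python
"""
Simulate Cisco IOS extended ACL evaluation for HSRP hello packets.

Added example, not from the original thread. Parses a small subset of IOS
extended-ACL syntax and reports whether HSRP hellos would be forwarded.
"""
import ipaddress

# HSRP hello destinations (protocol facts, not stated in the thread):
#   HSRPv1 -> 224.0.0.2, HSRPv2 -> 224.0.0.102, both UDP port 1985.
HSRP_HELLOS = {
    "HSRPv1": ("224.0.0.2", 1985),
    "HSRPv2": ("224.0.0.102", 1985),
}


def _parse_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'; return (net, wildcard, rest)."""
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF, tokens[1:]
    if tokens[0] == "host":
        return int(ipaddress.IPv4Address(tokens[1])), 0, tokens[2:]
    net = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    return net, wild, tokens[2:]


def _parse_port(tokens):
    """Optional 'eq PORT' qualifier; return (port_or_None, rest)."""
    if tokens and tokens[0] == "eq":
        return int(tokens[1]), tokens[2:]
    return None, tokens


def parse_acl(text):
    """Return ACEs as tuples; the 'ip access-list' header and blank lines are skipped."""
    aces = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] not in ("permit", "deny"):
            continue
        action, proto, rest = tokens[0], tokens[1].lower(), tokens[2:]
        src, src_wild, rest = _parse_addr(rest)
        _, rest = _parse_port(rest)          # source port qualifier, unused here
        dst, dst_wild, rest = _parse_addr(rest)
        dport, rest = _parse_port(rest)
        aces.append((action, proto, src, src_wild, dst, dst_wild, dport))
    return aces


def _addr_matches(addr, net, wild):
    """Wildcard-mask match: bits set in the wildcard are 'don't care'."""
    mask = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & mask) == (net & mask)


def evaluate(aces, src, dst, proto="udp", dport=None):
    """First-match evaluation with the implicit 'deny ip any any' IOS appends."""
    for action, aproto, anet, awild, dnet, dwild, adport in aces:
        if aproto != "ip" and aproto != proto:
            continue
        if not _addr_matches(src, anet, awild) or not _addr_matches(dst, dnet, dwild):
            continue
        if adport is not None and adport != dport:
            continue
        return action
    return "deny"


def hsrp_hello_verdicts(acl_text, peer_src="192.168.1.3"):
    """Verdict per HSRP version for a hello sourced from the peer SVI address."""
    aces = parse_acl(acl_text)
    return {ver: evaluate(aces, peer_src, grp, "udp", port)
            for ver, (grp, port) in HSRP_HELLOS.items()}


# Constructed copy of the ACL from the post: no entry covers the HSRP group,
# so the hellos fall through to 'deny ip any any'.
ORIGINAL_ACL = """\
ip access-list extended vlan_filter
 permit ip 192.168.1.0 0.0.0.255 172.16.0.0 0.0.255.255
 permit ip 192.168.1.0 0.0.0.255 10.1.10.0 0.0.0.255
 deny ip any any
"""

# Same ACL with the accepted answer's fix placed ahead of the deny. A tighter
# ACE would be: permit udp 192.168.1.0 0.0.0.255 host 224.0.0.2 eq 1985
FIXED_ACL = """\
ip access-list extended vlan_filter
 permit ip any 224.0.0.2 0.0.0.0
 permit ip 192.168.1.0 0.0.0.255 172.16.0.0 0.0.255.255
 permit ip 192.168.1.0 0.0.0.255 10.1.10.0 0.0.0.255
 deny ip any any
"""

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL_ACL), ("fixed", FIXED_ACL)):
        print(name, hsrp_hello_verdicts(acl))
```

Running it shows the original ACL denying both hello types and the fixed ACL permitting HSRPv1 only; a group configured with standby version 2 would still lose its hellos until a matching entry for 224.0.0.102 is added ahead of the deny. The same evaluation applies whether the ACL is used in a VACL or applied inbound on the SVI, since in both cases the peer's hellos arriving in VLAN 10 are subject to the filter.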
02-01-2011 04:42 AM
Thanks Shashank that worked like a charm.
02-01-2011 04:48 AM
Thanks for the update, glad that it worked for you.
Cheers!
Shashank