@Purnendra we have same issue in past and it's Bug CSCdz21299 I Would you request you to open a TAC Case and verify the them. 

@adeebtaqui I would say Use Access layer switch as L3 is Neither Right Nor Wrong. it's totally up to design. if you are using same Vlan access the all Access switch then i would say use that as a L2. Advantage: you can use same vlan across the campus...

@Sectech1 you can add allowed host entry on high priority on existing ACL, like 409 permit ip any <IP_you_Want_to_Allow> 0.0.0.0 if still you facing issue, i would request please share output of below commands sh ip access-listsh run | Sec access-lis...

Could you verify duplex configuration and also is their any encapsulation configured, if yes then both side it should be the same. 

@IshtarTerra  Ideally, we can find MAC learning port from "show mac address-table address <MAC_Address>". If you have multiple switch are connected on cascade, you can check output of above command and if it's learning from Interface which is connect...