@adeebtaqui I would say using an access layer switch as L3 is neither right nor wrong. It's totally up to the design.
If you are using the same VLAN across all the access switches, then I would say use that as L2.
Advantage: you can use the same VLAN across the campus...
@Sectech1 You can add an allowed host entry at high priority in the existing ACL, like
409 permit ip any <IP_you_Want_to_Allow> 0.0.0.0
If you are still facing the issue, I would request that you please share the output of the commands below:
sh ip access-list
sh run | Sec access-lis...
@IshtarTerra Ideally, we can find the MAC learning port from "show mac address-table address <MAC_Address>".
If you have multiple switches connected in cascade, you can check the output of the above command, and if it's learning from an interface which is connect...