i config acl (deny any any)apply to interface vlan10 on 6509, whatever in or out, I found i can ping vlan 10 interface ip address from R1.
But i can't ping vlan 10 interface ip address in 6509.
how can i config acl to block traffic from r1 to reach interface vlan 10 on 6509.
I don't like place acl in G1 interface.
how can I block traffic originated with 6509 to reach interface vlan 10 interface ip address or computer below it!