I am getting strange results while applying ACLs on the Cat6500 VLANs. I am not able to understand the usage and difference between IN/OUT and whether it is used in the same manner.
Is the Cat6500 ACL similar to router IOS ACLs, or do they work differently?
A brief example of an ACL (in/out) across SVIs will be helpful.
Your ACL is just permitting HTTP traffic from host 10.5.5.10 to 192.168.1.10 on TCP port 80 (the server side is on 192.168.1.10).
There is an implicit deny ip any any, so once you apply the ACL you cannot ping or telnet to a host in vlan10.
To do that you need to add:
permit tcp 10.5.5.0 0.0.0.255 eq 23 any
! telnet side on host
permit icmp 10.5.5.0 0.0.0.255 any
If you add these two lines you should be able to ping and to telnet to every host in vlan10.
In addition, only host 10.5.5.10 can access a web page, and only on host 192.168.1.10.
in: means traffic entering on the SVI from the user side, so traffic received.
At layer 3 nothing changes from a normal routed port on a router.
Hope to help
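
An added example (not part of the original thread) that models first-match evaluation with the implicit deny for the three entries discussed above. The first entry is a reconstruction from the answer's description of the original ACL, and the sample packets and helper names are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")

def host(ip):
    return (ip, "0.0.0.0")

# (action, proto, source, source port, destination, destination port)
# A port of None means "any port". Entry 1 is reconstructed (assumption);
# entries 2 and 3 are the two lines the answer adds.
ACL = [
    ("permit", "tcp", host("10.5.5.10"), None, host("192.168.1.10"), 80),
    ("permit", "tcp", ("10.5.5.0", "0.0.0.255"), 23, ANY, None),
    ("permit", "icmp", ("10.5.5.0", "0.0.0.255"), None, ANY, None),
]

def evaluate(acl, proto, src, sport, dst, dport):
    """Return (action, matching entry number); first match wins."""
    for n, (action, p, s, sp, d, dp) in enumerate(acl, 1):
        if p != proto:
            continue
        if not wildcard_match(src, *s) or not wildcard_match(dst, *d):
            continue
        if sp is not None and sp != sport:
            continue
        if dp is not None and dp != dport:
            continue
        return action, n
    return "deny", None  # implicit "deny ip any any" at the end of every ACL

if __name__ == "__main__":
    # Constructed sample packets as seen by this ACL
    samples = [
        ("tcp", "10.5.5.10", 40000, "192.168.1.10", 80),   # web client
        ("tcp", "10.5.5.20", 40000, "192.168.1.10", 80),   # other web client
        ("tcp", "10.5.5.20", 23, "192.168.1.50", 51000),   # telnet server reply
        ("tcp", "10.5.5.20", 51000, "192.168.1.50", 23),   # telnet client
        ("icmp", "10.5.5.20", None, "192.168.1.50", None), # ping / echo reply
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(ACL, *pkt))
```

Because the telnet entry matches on source port 23, it permits replies from telnet servers in 10.5.5.0/24 but not telnet sessions initiated from that subnet, which fall through to the implicit deny.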