I'm trying to apply an ACL to an access-layer interface on a Catalyst 4500 running 12.2(50)SG
The ACL looks emphatic to me ... but in fact, it has no effect on traffic -- the end-station attached to this interface is unaffected and can ping, query DNS, etc.
test-esx#sh ip access-list block-all
Standard IP access list block-all
10 deny any
test-esx#sh run int Gi4/48
Current configuration : 199 bytes
switchport access vlan 74
switchport mode access
ip access-group block-all in
ip access-group block-all out
spanning-tree guard none
Is this function supported? i.e. would we expect a C4K to be able to filter IP traffic on physical interfaces?