360 Views | 15 Helpful | 1 Replies

SSH and ACL issue

DNBardino
Level 1

Hi all

I'm sitting with a rather weird problem.

We have a VLAN we use as a management VLAN to access our switches; on the switch is an ACL to only allow certain scopes to access the switch.

Now comes the weird part.

After replacing the switch with a new one I can no longer access the switch on that VLAN. I can reach the switch on any other VLAN that is in the same global VRF as me, but when I try on the management net in another VRF the switch says that it has refused the connection.

The weird part is, when I remove the ACL on the VTY lines it works no problem.

Below is our config (altered names but the concept is the same). I sit on the 172.18.32.X network.

My log says

*Oct  2 07:38:03.725: %SEC-6-IPACCESSLOGS: list 1 permitted 172.18.32.110 2 packets

no matter what VLAN I try to access, even on the one that says refused connection.

interface Vlan5
 description Management
 ip vrf forwarding vrf-1
 ip address 10.129.5.1 255.255.255.0
 ip helper-address 10.10.0.10
!
interface Vlan16
 description Admin-HX
 ip address 10.129.16.1 255.255.255.0
 ip helper-address 172.18.48.96
 ip helper-address 172.18.51.41

access-list 1 permit 10.64.16.0 0.0.0.255 log
access-list 1 permit 10.1.5.0 0.0.0.255 log
access-list 1 permit 172.18.32.0 0.0.0.255 log
access-list 1 deny   any log

line vty 0 4
 access-class 1 in
 length 0
 transport input ssh
line vty 5 15
 access-class 1 in
 length 0
 transport input ssh

1 Reply

Vinit Jain
Cisco Employee

Hello

Could you please try to configure the ACL under the vty lines in the following way:

line vty 0 4
 access-class 1 in vrf-also

Hope this helps.

Regards

Vinit

Thanks
--Vinit
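As an added example (not part of the thread and not Cisco's own text), here is the complete vty section from the original post with the vrf-also keyword applied to both vty ranges, together with the exec commands used to confirm the result. It assumes the same ACL number, VLAN and VRF names as the post; nothing else is changed. Without vrf-also, IOS rejects vty sessions that arrive through an interface in a non-global VRF whenever an access-class is configured, which matches the symptom described above (connections from Vlan5 in vrf-1 refused, connections from global-VRF VLANs fine, and everything working once the access-class is removed). With vrf-also, those sessions are evaluated against the ACL like any other, so the source restriction and the deny-any log line stay in force for the management VLAN instead of the ACL being removed to restore access.

```cisco
! Added example, not from the thread: the same standard ACL from the post,
! applied on every vty line with vrf-also so sessions arriving through
! Vlan5 (ip vrf forwarding vrf-1) are filtered by the ACL rather than refused.
access-list 1 permit 10.64.16.0 0.0.0.255 log
access-list 1 permit 10.1.5.0 0.0.0.255 log
access-list 1 permit 172.18.32.0 0.0.0.255 log
access-list 1 deny   any log
!
! Apply to both ranges; leaving vty 5 15 without the keyword (or without the
! access-class) would give those lines different behaviour from vty 0 4.
line vty 0 4
 access-class 1 in vrf-also
 length 0
 transport input ssh
line vty 5 15
 access-class 1 in vrf-also
 length 0
 transport input ssh
!
! Verification from exec mode after the change (assumed workflow):
!   show running-config | section line vty   - confirm vrf-also on both ranges
!   show ip access-lists 1                   - permit/deny hit counters per entry
!   show users                               - source address of the live sessions
```

The "deny any log" entry is worth keeping: a refused attempt from an unexpected source on the management VLAN then shows up as a %SEC-6-IPACCESSLOGS deny message, so the ACL counters and the syslog entries give a direct way to distinguish "blocked by the ACL" from "refused because the session came from a VRF interface".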