Don't forget to reverse the regress/ingress order. In other words, ACLs on addressable physical interfaces will work in reverse of a VLAN interfaces ACL. Simply reverse the "access-group xxx (IN/OUT)" statement.
Where did you get this information that 'ACLs on addressable physical interfaces will work in reverse of a VLAN interface ACL'?
When applying an ACL to a logical interface (SVI a.k.a VLAN) you consider it as if you are applying the ACL on a physical routed interface. The direction of the ACL is the same as if we were applying it to the physical interface. For example assume I am going to apply an ACL to prevent packets sourced from VLAN 10 hosts to a.b.c.d. In this particular case I would create an extended ACL matching source as VLAN 10 subnet and destination as a.b.c.d. This ACL will either be applied inbound on VLAN 10 or outbound on the interface that is the exit point towards a.b.c.d. If you reverse the direction (like you say) and apply it outbound on VLAN 10 this ACL will not work as no packets going out of VLAN 10 will have source of VLAN 10 subnet.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...