Somebody please help me understand the concept:
I have VLAN500 on a 6509, with a network of 172.17.x.x, and I want to apply an extended ACL to allow any host on that VLAN to telnet to a host on VLAN 600 (network 17.16.x.x). So I created the following ACL:
Extended IP access list VLAN500
permit tcp any host 172.16.8.53 eq telnet
and added this line to the VLAN500 interface:
ip access-group VLAN500 out
And it didn't work, until I changed the interface statement to:
ip access-group VLAN500 in
And it really doesn't make sense to me that I would have to apply it in. Why wouldn't I apply it out, since any host on the local VLAN can telnet out to a host on another VLAN? If anyone can explain this to me, it would be appreciated. Thanks in advance.