You are referring to vlans and vacls, therefore I assume you want to do this on your switch. Note that acls on most switch ports can only be applied in the inbound direction. In your case you can use the acl specified earlier (but as specified below) and apply to a vlan access-map, something like..
access-list ......in the acl you shound NOT use the "permit ip any any" at the end as it will match ALL your traffic and be dropped by the first vlan map statement. Just permit in the ACL what you want to be dropped. Therefore the acl will permit the traffic which needs to be dropped and then it will be matched by the vlan map below and dropped accordingly.
Hope this makes sense..
vlan access-map DENY_MS_PORTS 10
match ip address
vlan access-group DENY_MS_PORTS 20
The default action is to forward, but I have included it in 20 for demonstration. But you need
vlan access-group DENY_MS_PORTS 20, so that the default action (forward) is applied.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...