You are technically correct that there is no mandatory requirement for "access-list 101 deny ip any any" as that deny statement is implied. However, it is still good practice to include it anyway so that hits on it can be tracked through logging. Just a suggestion.
In looking at your configuration, I have to agree with the other replies about the direction(in/out) of your ACLs via the access-group statement. I also agree about the implicit deny that should be added at the end of your ACL. In addition, you are allowing specific traffic out, but there may be an issue about not specifying the traffic that should be allowed back to vlan10.
What I mean is if you do not specify what is allowed back to vlan10 then when the ACL entries are all tried, all remaining traffic will be denied and as a result, replies back to your requests from vlan10 to the servers on vlan20 and vlan30 will be denied as well. I hope this helps resolve the ACL issue.
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...