I think I managed to get it working. I configured it on the core and it all works, but when I go to an edge switch and ping an IP address in a VLAN I've set to deny on the core, it can still ping it. I plug back into the core and it works. Do I need to do anything on the edge switch or the trunk on the core?
This could happen if the edge switch also has layer 3 interfaces / SVIs. In that case the traffic from a user A on VLAN 5 hits the edge switch, which routes it to VLAN 20, and out goes the traffic to user B on VLAN 20, completely bypassing the core switch. This could happen even if one SVI was in the edge, and the ACLs on the core interfaces were not applied in both directions.
To resolve this, if your edge switch has both VLANs as layer 3, apply ACLs there as well; else apply an ACL on the edge switch VLAN and the core switch VLAN as well.
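The fix described in the reply above, as an added configuration sketch that is not part of the original thread: it checks whether the edge switch routes between VLANs itself, then blocks VLAN 5 to VLAN 20 traffic in both directions on whichever switch holds the SVIs. The subnets and ACL names are constructed for illustration; substitute your own.

```cisco
! Constructed addressing (assumption, not from the thread):
!   VLAN 5  = 10.0.5.0/24
!   VLAN 20 = 10.0.20.0/24
! ACL names below are hypothetical.

! 1. On the edge switch: does it route between VLANs locally?
!    If "ip routing" is present and both SVIs are up with IP addresses,
!    traffic between them never reaches the ACL on the core.
!      show running-config | include ip routing
!      show ip interface brief | include Vlan

! 2. On every switch that holds an SVI for VLAN 5 or VLAN 20
!    (edge, core, or both), define one ACL per direction.
ip access-list extended V5-TO-V20-DENY
 deny   ip 10.0.5.0 0.0.0.255 10.0.20.0 0.0.0.255
 permit ip any any
!
ip access-list extended V20-TO-V5-DENY
 deny   ip 10.0.20.0 0.0.0.255 10.0.5.0 0.0.0.255
 permit ip any any
!
! Apply inbound on each SVI so the packet is dropped at the first
! layer 3 hop, before it is routed into the other VLAN.
interface Vlan5
 ip access-group V5-TO-V20-DENY in
!
interface Vlan20
 ip access-group V20-TO-V5-DENY in
!
! 3. Verify the ACL is bound and counting hits, then repeat the ping
!    from a port on the edge switch.
!      show ip interface Vlan5 | include access list
!      show ip access-lists V5-TO-V20-DENY
```

If the edge switch has no SVIs for these VLANs and only trunks them to the core, step 2 applies on the core alone and the thing to check there is that both directions are covered.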