VLAN Access-List Learning experience on an 8320 running 10.03+:
CONFIG CONTEXT:
vlan 200
description SERVER-VLAN
apply access-list ip VLAN-SERVER-200-IN-# in
exit
access-list ip VLAN-SERVER-200-IN-1
9 comment SERVER-200 >>>>>>>>>>>>>>>>>> VACL INBOUND
90 permit any 0.0.0.0 0.0.0.0 count
99 deny any 0.0.0.0 0.0.0.0 log count
exit
access-list ip VLAN-SERVER-200-IN-2
9 comment SERVER-200 >>>>>>>>>>>>>>>>>> VACL INBOUND
90 permit any 0.0.0.0/0 0.0.0.0/0 count
99 deny any 0.0.0.0/0 0.0.0.0/0 log count
exit
VLAN-SERVER-200-IN-1 does NOT equal VLAN-SERVER-200-IN-2
OBSERVATIONS:
VLAN-SERVER-200-IN-1 restricts only host 0.0.0.0.
No hitcounts were observed and no logs were sent to the syslog server. After seq#99 there is an IMPLICIT DENY w/o logs or counts.
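
Added example, not part of the original post: a small Python model of the two ACLs above, showing why the same flow is dropped by one and permitted by the other. It assumes what the observations describe: an address written without a prefix length matches a single host, the first matching entry wins, and unmatched traffic hits the implicit deny. The function names and the flow 10.20.0.5 -> 10.20.0.9 are constructed for illustration.

```python
import ipaddress

# ACL entries copied from the post above (comment lines shortened).
ACLS = {
    "VLAN-SERVER-200-IN-1": [
        "9 comment SERVER-200 VACL INBOUND",
        "90 permit any 0.0.0.0 0.0.0.0 count",
        "99 deny any 0.0.0.0 0.0.0.0 log count",
    ],
    "VLAN-SERVER-200-IN-2": [
        "9 comment SERVER-200 VACL INBOUND",
        "90 permit any 0.0.0.0/0 0.0.0.0/0 count",
        "99 deny any 0.0.0.0/0 0.0.0.0/0 log count",
    ],
}

def operand(token):
    """Network matched by an address operand. Assumption: no mask means one host."""
    if token == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(token if "/" in token else token + "/32", strict=False)

def parse(lines):
    """Yield (seq, action, src_net, dst_net, options), skipping comment entries."""
    for line in lines:
        seq, action, *rest = line.split()
        if action in ("permit", "deny"):
            _proto, src, dst, *opts = rest
            yield int(seq), action, operand(src), operand(dst), opts

def evaluate(lines, src, dst):
    """First match wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for seq, action, src_net, dst_net, opts in sorted(parse(lines), key=lambda e: e[0]):
        if s in src_net and d in dst_net:
            return action, seq, "log" in opts
    return "deny", None, False  # implicit deny: no sequence, no log, no count

def lint(lines):
    """Sequence numbers whose source or destination is the bare host 0.0.0.0."""
    zero = ipaddress.ip_network("0.0.0.0/32")
    return [seq for seq, _a, s, d, _o in parse(lines) if zero in (s, d)]

if __name__ == "__main__":
    for name, lines in ACLS.items():
        # 10.20.0.5 -> 10.20.0.9 is a constructed sample flow.
        print(name, evaluate(lines, "10.20.0.5", "10.20.0.9"), "lint:", lint(lines))
```

The lint function can be run over exported ACL text to catch entries written in the wildcard-pair style before they are applied to a VLAN.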