Maybe the below VACL facts can help you.
VACLs are applied to a VLAN within the VLAN context.
Inbound VACLs filter all traffic that arrives on a VLAN, whether switched or routed.
Outbound VACLs filter all traffic that is forwarded out a VLAN, whether the source is within the same subnet (switched) or another subnet (routed).
Because both inbound and outbound VACLs filter traffic that arrives on a VLAN and is switched out that VLAN, some of the traffic that they filter overlaps.
When you want to control traffic switched within a subnet, you must apply a VACL.
The inbound VACL processes routed traffic like an inbound RACL but also filters switched traffic.
One VACL applies to all ports that are members of the VLAN.
If you are planning to apply a VACL to a VLAN on a switch that does not route traffic for that VLAN, be very careful to plan the rules to permit return traffic to devices in that VLAN as well as the traffic from the devices.
------------------------------
Kapildev Erampu
Systems Engineer, ACEX#94
Aruba, a Hewlett Packard Enterprise company
Any opinions expressed here are solely my own and not necessarily that of HPE
------------------------------
Original Message:
Sent: Sep 01, 2022 04:31 AM
From: DUTTO Jérémy
Subject: ACL Issues over MPLS
Hello everyone,
I'm a bit in trouble with a simple ACL which looks like this:
10 permit icmp 10.xx.0.0 0.0.0.255 0.0.0.0 255.255.255.255
I'm applying this ACL as a VACL with the option vlan-in. When I applied this ACL, no devices can ping the VLAN (ip access-group "TOIP" vlan-in).
The device is a J9772A HP 2530-48G-PoE+ with no ip routing.
Can you help me a bit?
Regards,
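
The return-traffic point from the reply, worked through as an added example (not code from either poster or from the vendor): a small first-match ACL evaluator with wildcard masks and the implicit deny, run over packets arriving on the VLAN. The subnet 10.20.0.0/24 and the peer 192.0.2.10 are constructed stand-ins because the post elides the real second octet, and the second ACL entry is one assumed way to permit return traffic.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Wildcard-mask match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, proto, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, p, s_base, s_wc, d_base, d_wc in acl:
        if (p in (proto, "ip") and wildcard_match(src, s_base, s_wc)
                and wildcard_match(dst, d_base, d_wc)):
            return action
    return "deny"

# Constructed addressing: 10.20.0.0/24 stands in for the elided VLAN subnet.
ANY = ("0.0.0.0", "255.255.255.255")
VLAN_NET = ("10.20.0.0", "0.0.0.255")

# The single entry from the question: permit icmp <VLAN subnet> any
ACL_AS_POSTED = [("permit", "icmp", *VLAN_NET, *ANY)]
# Assumed fix: also permit ICMP destined to the VLAN's devices.
# Narrow the source in a real rule set if only some peers should reach them.
ACL_WITH_RETURN = ACL_AS_POSTED + [("permit", "icmp", *ANY, *VLAN_NET)]

# Constructed packets. On a non-routing switch, vlan-in sees both directions,
# because traffic from the uplink also arrives on the VLAN.
PACKETS = {
    "host_to_outside": ("icmp", "10.20.0.15", "192.0.2.10"),
    "outside_to_host": ("icmp", "192.0.2.10", "10.20.0.15"),
    "host_tcp": ("tcp", "10.20.0.15", "192.0.2.10"),
}

def run(acl):
    """Return the permit/deny verdict for each constructed packet."""
    return {name: evaluate(acl, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, acl in (("as posted", ACL_AS_POSTED),
                       ("with return rule", ACL_WITH_RETURN)):
        print(label, run(acl))
```

With the ACL as posted, ICMP from outside toward a VLAN device hits the implicit deny, which matches the symptom that nothing can ping into the VLAN.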