Access-list for SVI doesn't seem to work well.
I have two switches connected directly; switch A sets the IP address 220.127.116.11/16, and switch B sets the IP address 18.104.22.168/16 for SVI 100.
I tried to deny SSH access from switch A to B by configuring the following commands on switch B, but somehow switch A succeeds in SSHing to B.
net add acl ipv4 copptest drop tcp source-ip 22.214.171.124/16 source-port any dest-ip 126.96.36.199/16 dest-port any
net add int swp3 acl ipv4 copptest inbound
net add vlan 100 acl ipv4 copptest inbound
net add control-plane acl ipv4 copptest inbound
I found that the access-list worked properly with packets that switch B transmits to another switch.
It doesn't work with packets toward Switch B itself.
It also worked when I set the IP address on a physical switch port, not the SVI.
Does anyone have any idea how to apply an access-list to an SVI?