12-22-2023, 05:47 PM
This is not a typo. You were caught by the trap set in this question. Examine the given ACL carefully:
deny tcp any host 10.30.0.100 eq 80
The IP address 10.30.0.100 in the above deny statement is not a source address; rather, it is the destination address (and belongs to the web server). So when this ACL is applied to interface VLAN 20 in the "in" direction, it blocks HTTP traffic (on port 80) originating from "any" host on VLAN 20, destined for the web server.
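The field order described in the post above, as an added example that is not part of the original post: a small Python evaluator that reads the entry as action, protocol, source, destination, destination port, and tests it against constructed packets. The 10.20.0.x addresses are assumed VLAN 20 hosts, and the parser covers only the `any` / `host` / address-wildcard forms with an optional `eq` on the destination.

```python
import ipaddress

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'.
    Returns (base, wildcard) as integers."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_ace(line):
    """Parse a subset of extended ACL syntax (no source-port operator)."""
    tokens = line.split()
    ace = {"action": tokens.pop(0), "proto": tokens.pop(0)}
    ace["src"] = _take_addr(tokens)   # first address spec is always the source
    ace["dst"] = _take_addr(tokens)   # second address spec is the destination
    ace["dport"] = int(tokens[1]) if tokens[:1] == ["eq"] else None
    return ace

def _addr_match(spec, ip):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care" bits.
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def matches(ace, proto, src, dst, dport):
    return (ace["proto"] in (proto, "ip")
            and _addr_match(ace["src"], src)
            and _addr_match(ace["dst"], dst)
            and ace["dport"] in (None, dport))

ACE = parse_ace("deny tcp any host 10.30.0.100 eq 80")

# Constructed sample packets: (protocol, source, destination, destination port).
PACKETS = [
    ("tcp", "10.20.0.15", "10.30.0.100", 80),   # VLAN 20 host to web server, HTTP
    ("tcp", "10.20.0.15", "10.30.0.100", 443),  # same pair, different port
    ("tcp", "10.30.0.100", "10.20.0.15", 80),   # 10.30.0.100 as the *source*
    ("tcp", "10.20.0.15", "10.30.0.200", 80),   # different destination host
]

def evaluate():
    return [matches(ACE, *p) for p in PACKETS]

if __name__ == "__main__":
    for pkt, hit in zip(PACKETS, evaluate()):
        print(pkt, "-> matches deny" if hit else "-> no match on this entry")
```

Only the first packet matches the deny entry; the third shows that 10.30.0.100 appearing as a source address does not match.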