https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7850-egress-ACL-not-supported-with-untagged-vlans/m-p/30354#M1607 <P style="margin: 0;">I do not have a definitive answer for you, but it seems like some kind of technical limitation on initial support for ICX7850. I can see that note in 8090 and 8092 documentation. 8095 has a pretty large re-write from an ACL standpoint and I do not see that limitation mentioned in 8095 documentation. ACLs will generally be applied at the vlan level starting from 8095 forward. It may be worth giving 8095d a shot for this specific use case.&nbsp;</P> Mon, 21 Jun 2021 20:36:50 GMT BenBeck 2021-06-21T20:36:50Z https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7850-egress-ACL-not-supported-with-untagged-vlans/m-p/30353#M1606 <P style="margin: 0;">Can anyone explain why this is the case?&nbsp; From the 08.0.92e documentation:&nbsp;</P> <BLOCKQUOTE> <P style="margin: 0;">On ICX 7850 devices only, configuration of egress ACLs is blocked on any virtual interface with an associated VLAN that contains an untagged port.</P> </BLOCKQUOTE> <P style="margin: 0;">And sure enough, when I try:</P> <BLOCKQUOTE> <P style="margin: 0;">(config-vif-1234)# ip access-group acl-name out<BR />Error: Egress ACL on VE is not supported when vlan has untagged ports</P> </BLOCKQUOTE> <P style="margin: 0;">It works fine on all other models we have (7450, 7650, 7750) as this is a normal thing for us.&nbsp; Why not here?</P> Mon, 21 Jun 2021 20:23:39 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7850-egress-ACL-not-supported-with-untagged-vlans/m-p/30353#M1606 howardtopher 2021-06-21T20:23:39Z https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7850-egress-ACL-not-supported-with-untagged-vlans/m-p/30354#M1607 <P style="margin: 0;">I do not have a definitive answer for you, but it seems like some kind of technical limitation on initial support for ICX7850. I can see that note in 8090 and 8092 documentation. 8095 has a pretty large re-write from an ACL standpoint and I do not see that limitation mentioned in 8095 documentation. ACLs will generally be applied at the vlan level starting from 8095 forward. It may be worth giving 8095d a shot for this specific use case.&nbsp;</P> Mon, 21 Jun 2021 20:36:50 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7850-egress-ACL-not-supported-with-untagged-vlans/m-p/30354#M1607 BenBeck 2021-06-21T20:36:50Z https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7850-egress-ACL-not-supported-with-untagged-vlans/m-p/30355#M1608 <P style="margin: 0;">Thanks for this.&nbsp; We try to run the same version of code everywhere so we're on 8092e on around 900 switches right now.&nbsp; However, this case is a new install and doesn't have production traffic on it yet so I just installed 8095d.&nbsp; You're correct that the ACL is now in the vlan and not the router interface, but it accepted the "out" direction ACL.&nbsp; Once I get a server connected to the switch I'll be able to test it, but looks good so far.</P> Mon, 21 Jun 2021 21:10:02 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ICX-7850-egress-ACL-not-supported-with-untagged-vlans/m-p/30355#M1608 howardtopher 2021-06-21T21:10:02Z