<div>
Capture.png is <u>just</u> access list. ACLs don't do actually anything until are applied somewhere (physical interface, SVI or VLAN). Since your ACL is extended ACL it also needs to be applied on the right place and in the right direction to be able to filter traffic.
</div>


<div>
Hi Predrag,<br />
<br />
This ACL has being applied to the switch interfaces that are on that vlan and are set-to in
</div>


<div>
Still insufficient details.<br />
Switch interface can be physical or virtual.<br />
:)<br />
So, if ACL itself is written properly (source of traffic is located in 172.27.5.0/24 and destination for traffic is located in 172.27.0.0/24) typically there are two possible errors:<br />
ACL is applied on wrong interface, or in the wrong direction (or both).
</div>


<div>
Actually, you need to put all your denies in the ACL before your permits. This will ensure the denies are caught in the ACL before the permits. These are read by the switch in a top down fashion.
</div>


<div>
Not really that denies need to be permits. Otherwise statement 170 would block a lot ... :)<br />
More specific statements should be on the top.
</div>


<div>
ok i redid the ACL with the Deny TCP ports up at the top and it seems to be working
</div>


<div>
<blockquote>
Not really that denies need to be permits
</blockquote>
Suppose to be
<blockquote>
Not really that denies need to be before permits.
</blockquote>
<blockquote>
Actually, you need to put all your denies in the ACL before your permits. 
</blockquote>
Is there something to misunderstand here? According to this<br />
170 deny ip 172.27.5.0 0.0.0.255 172.27.0.0 0.0.0.255<br />
should be before<br />
130 permit ip 172.27.5.0 0.0.0.255 host 172.27.0.1<br />
140 permit ip 172.27.5.0 0.0.0.255 host 172.27.0.10<br />
150 permit ip 172.27.5.0 0.0.0.255 host 172.27.0.7<br />
160 permit ip 172.27.5.0 0.0.0.255 host 172.27.0.5<br />
<br />
Access list as you wrote it, is now ordered as 
<blockquote>
More specific statements should be on the top.
</blockquote>
:)<br />
I did not really pay attention how ACL was written (did not notice that destination addresses overlap).
</div>


<div>
<div class="content wysiwyg-content">
Since our switch is acting as an L2 Switch, and our VLANs are untagged I need to create an ACL for the WiFi Subnet to stop it from gaining access to the Production VLAN <br />
<br />
I have attached a snapshot of the ACL rules, the issue I have is that it's not blocking any TCP traffic to the IP address that I have issued a permit rule too.<br />
<a href="https://filedb.experts-exchange.com/incoming/2017/04_w17/1159181/Capture.PNG" target="_blank" class="file-inline" title="ACL Rule (21 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>Capture.PNG</a>
</div>
</div>


Capture.PNG

Since our switch is acting as an L2 Switch, and our VLANs are untagged I need to create an ACL for the WiFi Subnet to stop it from gaining access to the Production VLAN 

I have attached a snapshot of the ACL rules, the issue I have is that it's not blocking any TCP traffic to the IP address that I have issued a permit rule too.

Cisco 3650x ACL

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Network Operations includes asset management, help-desk supervision, security and user policies, infrastructure administration and anything else that affects the operation of your network. Discussions will include those of best practices in platforms, configurations, performance, security and accounting.

Network Operations

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.