VH
asked on
Cisco 3650x ACL

Since our switch is acting as an L2 switch and our VLANs are untagged, I need to create an ACL for the WiFi subnet to stop it from gaining access to the Production VLAN.

I have attached a snapshot of the ACL rules; the issue I have is that it's not blocking any TCP traffic to the IP address that I have issued a permit rule to.
Capture.PNG
Predrag Jovic

Capture.png is just the access list. ACLs don't actually do anything until they are applied somewhere (physical interface, SVI or VLAN). Since your ACL is an extended ACL, it also needs to be applied in the right place and in the right direction to be able to filter traffic.
VH

ASKER

Hi Predrag,

This ACL has been applied to the switch interfaces that are on that VLAN and is set to "in".
Still insufficient details.
Switch interface can be physical or virtual.
:)
So, if the ACL itself is written properly (the source of the traffic is located in 172.27.5.0/24 and the destination is located in 172.27.0.0/24), typically there are two possible errors:
ACL is applied on wrong interface, or in the wrong direction (or both).
Actually, you need to put all your denies in the ACL before your permits. This will ensure the denies are caught in the ACL before the permits. These are read by the switch in a top-down fashion.
Not really that denies need to be permits. Otherwise statement 170 would block a lot ... :)
More specific statements should be on the top.
ASKER CERTIFIED SOLUTION
Harold Bowlin

VH

ASKER

OK, I redid the ACL with the deny TCP ports up at the top and it seems to be working.
Not really that denies need to be permits
Supposed to be
Not really that denies need to be before permits.
Actually, you need to put all your denies in the ACL before your permits.
Is there something to misunderstand here? According to this
170 deny ip 172.27.5.0 0.0.0.255 172.27.0.0 0.0.0.255
should be before
130 permit ip 172.27.5.0 0.0.0.255 host 172.27.0.1
140 permit ip 172.27.5.0 0.0.0.255 host 172.27.0.10
150 permit ip 172.27.5.0 0.0.0.255 host 172.27.0.7
160 permit ip 172.27.5.0 0.0.0.255 host 172.27.0.5

The access list, as you wrote it, is now ordered as
More specific statements should be on the top.
:)
I did not really pay attention to how the ACL was written (did not notice that the destination addresses overlap).
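The ordering point made in this thread (the switch evaluates the list top-down and stops at the first match, so a broad deny placed above host-specific permits makes those permits unreachable) can be checked offline before the ACL is applied. The following is an added example, not code from the thread, from Experts Exchange or from Cisco: a small Python evaluator for the extended-ACL syntax quoted above. Statements 130 to 170 are the ones quoted in the thread; the trailing `180 permit ip 172.27.5.0 0.0.0.255 any`, the "deny first" variant with sequence 120, and the test packets are constructed for illustration. It only understands `ip`/`tcp`/`udp`, `any`, `host`, address-plus-wildcard pairs and an optional `eq PORT` on the destination, which is an assumption about what the snapshot contains.

```python
"""First-match evaluation of a Cisco-style extended IP ACL (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Statements 130-170 are the ones quoted in the thread; 180 is a constructed
# trailing permit so that WiFi traffic to anything outside Production still passes.
ACL_AS_POSTED = """
130 permit ip 172.27.5.0 0.0.0.255 host 172.27.0.1
140 permit ip 172.27.5.0 0.0.0.255 host 172.27.0.10
150 permit ip 172.27.5.0 0.0.0.255 host 172.27.0.7
160 permit ip 172.27.5.0 0.0.0.255 host 172.27.0.5
170 deny ip 172.27.5.0 0.0.0.255 172.27.0.0 0.0.0.255
180 permit ip 172.27.5.0 0.0.0.255 any
"""
# Constructed variant: the broad deny moved in front of the host permits
# (the "denies before permits" ordering discussed in the thread).
ACL_DENY_FIRST = """
120 deny ip 172.27.5.0 0.0.0.255 172.27.0.0 0.0.0.255
130 permit ip 172.27.5.0 0.0.0.255 host 172.27.0.1
140 permit ip 172.27.5.0 0.0.0.255 host 172.27.0.10
150 permit ip 172.27.5.0 0.0.0.255 host 172.27.0.7
160 permit ip 172.27.5.0 0.0.0.255 host 172.27.0.5
180 permit ip 172.27.5.0 0.0.0.255 any
"""

@dataclass
class Rule:
    seq: int
    action: str              # "permit" or "deny"
    proto: str               # "ip", "tcp" or "udp"
    src: int                 # source address as a 32-bit int
    src_wc: int              # source wildcard mask (1 bits = don't care)
    dst: int
    dst_wc: int
    dst_port: Optional[int]  # destination port from "eq PORT", if present

def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))

def _parse_addr(tok, i):
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D W.X.Y.Z' at tok[i]; return (addr, wildcard, next i)."""
    if tok[i] == "any":
        return 0, 0xFFFFFFFF, i + 1
    if tok[i] == "host":
        return _ip(tok[i + 1]), 0, i + 2
    return _ip(tok[i]), _ip(tok[i + 1]), i + 2

def parse_acl(text: str):
    """Parse 'SEQ permit|deny PROTO SRC DST [eq PORT]' lines; return rules sorted by sequence."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok:
            continue
        src, src_wc, i = _parse_addr(tok, 3)
        dst, dst_wc, i = _parse_addr(tok, i)
        port = int(tok[i + 1]) if i < len(tok) and tok[i] == "eq" else None
        rules.append(Rule(int(tok[0]), tok[1], tok[2], src, src_wc, dst, dst_wc, port))
    return sorted(rules, key=lambda r: r.seq)

def _in_range(addr: int, rule_addr: int, wildcard: int) -> bool:
    mask = 0xFFFFFFFF ^ wildcard  # the bits the statement actually compares
    return (addr & mask) == (rule_addr & mask)

def evaluate(rules, proto, src, dst, dport=None):
    """Walk the list top-down as IOS does; return (action, seq) or ("deny", None) for the implicit deny."""
    for r in rules:
        if r.proto not in ("ip", proto):
            continue
        if not (_in_range(src, r.src, r.src_wc) and _in_range(dst, r.dst, r.dst_wc)):
            continue
        if r.dst_port is not None and r.dst_port != dport:
            continue
        return r.action, r.seq
    return "deny", None

def which_rule(acl_text, proto, src, dst, dport=None):
    return evaluate(parse_acl(acl_text), proto, _ip(src), _ip(dst), dport)

def _covers(a_addr, a_wc, b_addr, b_wc):
    """True if range A contains every address of range B (B may not vary a bit that A fixes)."""
    a_mask = 0xFFFFFFFF ^ a_wc
    return not (b_wc & a_mask) and (a_addr & a_mask) == (b_addr & a_mask)

def shadowed(rules):
    """Return (shadowed_seq, shadowing_seq) for statements an earlier, broader statement makes unreachable."""
    out = []
    for idx, b in enumerate(rules):
        for a in rules[:idx]:
            if (a.proto in ("ip", b.proto)
                    and _covers(a.src, a.src_wc, b.src, b.src_wc)
                    and _covers(a.dst, a.dst_wc, b.dst, b.dst_wc)
                    and (a.dst_port is None or a.dst_port == b.dst_port)):
                out.append((b.seq, a.seq))
                break
    return out

if __name__ == "__main__":
    for name, acl in (("as posted", ACL_AS_POSTED), ("deny first", ACL_DENY_FIRST)):
        print(name, "WiFi -> 172.27.0.10:", which_rule(acl, "tcp", "172.27.5.20", "172.27.0.10", 443))
        print(name, "shadowed statements:", shadowed(parse_acl(acl)))
```

With the statements in the order quoted above, a WiFi host reaching 172.27.0.10 hits permit 140 and anything else in 172.27.0.0/24 falls through to deny 170; with the broad deny moved to the top, `shadowed()` reports that 130 to 160 can never match, which is the "more specific statements on top" rule stated as a check. The evaluator says nothing about where the list is applied: as noted earlier in the thread, an ACL that is not bound to an interface in the right direction filters nothing regardless of its order.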