I have two switches doing layer-3 routing. One is an N4064F and the other a stacked pair of 8024Fs. I am trying to block all in-band management traffic on all VLANs and just use the OOB interfaces for web/CLI management traffic. If I do something like this:
management access-list Default
deny vlan 1001 service any priority 1
deny vlan 1002 service any priority 2
deny vlan etc...
exit
management access-class Default
It works fine on the N4064F. DNS and SMTP traffic coming from the switch still works from the OOB interface. If I do the same thing on the 8024F it blocks DNS and SMTP traffic (and possibly others) while allowing telnet, SSH, HTTP, and HTTPS traffic to the OOB interface. That suggests that the blocked traffic isn't flowing from the OOB interface, but rather from an in-band one. Any thoughts?