Preventing Inter-VLAN communication - Layer 3 Switches

What would be the best approach to stop communication between two vlans on a 3550 L3 switch?

Would I have to use VLAN maps and or Router ACLs...? This is one of those things I've never fully understood as the CCNA level books were always based around L2 switches and ROAS..

Thanks

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

aaron0011

ACLs applied on the SVIs will do the trick.

xnx

Thanks, for once I didn't read up properly and I just found this:

Catalyst 3550 Multilayer Switch Software Configuration Guide, Rel. 12.2(25)SEB - Configuring Network Security with ACLs [Cisco Catalyst 3550 Series Switches] - Cisco

It explains everything pretty well.

tomtom1

VACL's are for traffic within the VLAN. In this case, as already mentioned you need to put ACL's on the SVI.

xnx

Thanks, yeah I now understand how VLAN maps apply to traffic within a VLAN and can be used to prevent communication between two hosts on the same VLAN.

mesho_emad

i want to know also

tomtom1

mesho_emad wrote: »

i want to know also

The answer has been given already, what isn't clear?

Dieg0M

wrong. easiest and best way is to put them in separate VRF's

OfWolfAndMan

#8
wrong. easiest and best way is to put them in separate VRF's

Agreed.

xnx

Thanks, I guess SVI ACLs would be the best approach for a School network - it has 3560s; obviously outdated equipment?

I'll be working on a school network and one day hope to convert one to a Staff/Students/Management VLAN setup where the VLANs are completely isolated.