I want to stop people on a VLAN from seeing each other in the network on a 2950-c switch. This is done with "Switch port protection" at layer 2. But the VLANs are trunked to a layer 3 device than routed to the net. What is the command to protect or deny this from happening at the router? I thought maybe a deny in the ACL might do it? Everything is static routes. Its pretty straight foward configs.