Most of my users are on VLAN12. They are your basic users (clueless and dangerous, lol). I have a sensitive network on VLAN11 and only 2 people on 12 need access to 11. I'd like to block everyone else.
Can someone give me an idea of the ACL I would have to write to do this? These are 3560s and 3560Gs. No router in the net.
My 2nd ACL will block traffic just for Vlan12 while allowing the 2 hosts from Vlan12, as well as the remaining subnets' incoming traffic, to Vlan11.
The order in the ACL matters, so make sure you have the 2 hosts from Vlan12 listed first, then have a deny for Vlan12 to the entire subnet, and the last ACL entry will have a permit any.
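
The ordering described in this answer, as an added example that is not part of the original thread: a small first-match evaluator that compares the recommended entry order with the same entries misordered, and renders them as IOS extended ACL lines. The subnets, the two host addresses and ACL number 111 are constructed assumptions; substitute the real addressing.

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the thread).
VLAN11 = ipaddress.ip_network("10.0.11.0/24")   # sensitive network
VLAN12 = ipaddress.ip_network("10.0.12.0/24")   # general users
ANY = ipaddress.ip_network("0.0.0.0/0")
ALLOWED = ["10.0.12.21", "10.0.12.22"]          # the 2 permitted hosts

def host(ip):
    return ipaddress.ip_network(ip + "/32")

# Order from the answer: 2 hosts first, then deny Vlan12, then permit any.
GOOD = [("permit", host(ALLOWED[0]), VLAN11),
        ("permit", host(ALLOWED[1]), VLAN11),
        ("deny", VLAN12, VLAN11),
        ("permit", ANY, ANY)]

# Same entries with the deny moved to the top.
BAD = [GOOD[2], GOOD[0], GOOD[1], GOOD[3]]

def evaluate(acl, src, dst):
    """Return the action of the first matching entry (first match wins)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"  # implicit deny when nothing matches

def to_ios(acl, number=111):
    """Render entries as IOS extended ACL lines using wildcard masks."""
    def fmt(net):
        if net.prefixlen == 0:
            return "any"
        if net.prefixlen == 32:
            return f"host {net.network_address}"
        return f"{net.network_address} {net.hostmask}"
    return [f"access-list {number} {a} ip {fmt(s)} {fmt(d)}" for a, s, d in acl]

if __name__ == "__main__":
    print("\n".join(to_ios(GOOD)))
    target = "10.0.11.5"  # constructed host on Vlan11
    for label, acl in (("good order", GOOD), ("deny first", BAD)):
        for src in ("10.0.12.21", "10.0.12.50", "10.0.13.9"):
            print(label, src, "->", evaluate(acl, src, target))
```

With the deny listed first, the two permitted hosts match it before their own permit entries are reached; dropping the final permit any sends every other subnet to the implicit deny.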