I recently configured an L3 switch that has two VLANs.
I applied an access list to VLAN 100 so that hosts in the 192.168.1 - .128 range were allowed to access the network.
VLAN 101 is the uplink to the firewall and WWW. This worked fine, and an IP address of 192.168.1.150 couldn't get access.
I then found that someone had cross-patched a network on 10.0.0.0/24, and the switch was allowing the traffic to pass at Layer 2.
Am I right in thinking that ACLs only work when the switch is routing?
The next thing I want to do is disable DHCP, as it's not used on my network and I don't want rogue DHCP servers being able to answer requests on my network.
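The two problems in the post (an ACL that only catches routed traffic, and rogue DHCP servers) have standard answers on a Layer-3 switch: a router ACL applied to the SVI (`interface Vlan100`) is only evaluated for packets the switch routes, so frames bridged between two ports in the same VLAN never touch it; a VLAN access map (VACL) applied with `vlan filter` is evaluated for every frame entering or leaving the VLAN, bridged or routed. DHCP snooping then discards DHCP server replies (OFFER/ACK) arriving on any port not marked trusted. The configuration below is an added example, not from the original post. It assumes Cisco IOS syntax (other vendors have equivalents), that the allowed range is 192.168.1.0/25, and that the VLAN 100 access ports are GigabitEthernet1/0/2 - 24; the interface names and ACL names are invented for the example. Some smaller L3 switches do not support VACLs at all; on those, the same filter can be applied as a port ACL on each access port instead.

```cisco
! Added example (not from the original post). Cisco IOS syntax, the interface
! names and the 192.168.1.0/25 allowed range are assumptions.

! The network has no DHCP at all, so turn off the switch's own DHCP
! server/relay as well.
no service dhcp

! --- Layer-2 filtering with a VLAN access map (VACL) ---
! The cross-patched 10.0.0.0/24 subnet found on the VLAN: dropped explicitly,
! in both directions, before anything else is evaluated.
ip access-list extended ROGUE-SUBNET
 permit ip 10.0.0.0 0.0.0.255 any
 permit ip any 10.0.0.0 0.0.0.255

! Hosts 192.168.1.0 - .127 may talk to anything, and replies (including packets
! the switch routes back in from VLAN 101) may reach them.
ip access-list extended ALLOWED-HOSTS
 permit ip 192.168.1.0 0.0.0.127 any
 permit ip any 192.168.1.0 0.0.0.127

! Non-IP frames such as ARP are matched against MAC ACLs, not IP ACLs. Without
! this catch-all the implicit drop at the end of the map would kill ARP too.
mac access-list extended NON-IP
 permit any any

vlan access-map VLAN100-FILTER 10
 match ip address ROGUE-SUBNET
 action drop
vlan access-map VLAN100-FILTER 20
 match ip address ALLOWED-HOSTS
 action forward
vlan access-map VLAN100-FILTER 30
 match mac address NON-IP
 action forward
! Any frame not matched above (e.g. IP from 192.168.1.150) is dropped by the
! implicit deny at the end of the access map.

! Unlike an ACL on "interface Vlan100", this applies to frames bridged
! between two access ports in VLAN 100 as well as to routed packets.
vlan filter VLAN100-FILTER vlan-list 100

! --- Rogue DHCP server protection with DHCP snooping ---
! Because there is no legitimate DHCP server, no port is marked
! "ip dhcp snooping trust"; DHCPOFFER/DHCPACK from any host is discarded.
ip dhcp snooping
ip dhcp snooping vlan 100

interface range GigabitEthernet1/0/2 - 24
 switchport mode access
 switchport access vlan 100
 ! Err-disable a port that floods more than 10 DHCP packets per second.
 ip dhcp snooping limit rate 10
```

Verify the filter with `show vlan filter` and `show vlan access-map`, and the snooping state with `show ip dhcp snooping`. If a legitimate DHCP server or relay is ever added upstream, the uplink port towards it (on VLAN 101 here) must be marked `ip dhcp snooping trust`, otherwise its replies are dropped along with the rogue ones.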