Inter VLANs traffic needs to be routed and hence pass through a Layer 3 device. That means you can use access-lists on the L3 device to permit and deny traffic to pass from one subnet (=VLAN) to another. The access-lists can be applied to the physical or logical (VLAN interfaces) you use.
Private VLANs create sub-VLANs within a VLAN and are usually better suited to apply traffic limitations between ports in the same VLAN. However, depending on what you actually want to achieve, Private VLANs may be a good, or better, solution if you now have created different VLANs for single hosts (but we would need more information about your requirement).
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...