I have a 3560 switch that has multiple VLANs defined on it. Currently, there are ACLs on the switch that keep one VLAN from passing traffic to another VLAN (each VLAN should be distinct because they are separate entities). We are having issues duplicating this functionality on another switch (a 2960). Are the VLANs really necessary? Will the default behavior of a VLAN keep traffic from being passed among the VLANs anyway?
"Currently, there are ACLs on the switch that keep one VLAN from passing traffic to another VLAN..." First of all, I guess we should know a bit more about your topology, but in order for VLANs to communicate they need to be routed. A router with one interface on each VLAN or a router-on-a-stick setup.
"Are the VLANs really necessary?" It depends, what is the objective?
"Will the default behavior of a VLAN keep traffic from being passed among the VLANs anyway?" You need to think about VLANs as individual networks. Therefore, in order for them to be able to communicate they need to do so through a router. This cannot be accomplished with just ACLs. (If I am mistaken, I would love to know how it is done).
What is your topology like and what is the main objective?
I am beginning to have doubts about what you mean by "communicate between them" but again, VLANs behave as different/separate networks; they do not/cannot communicate between them natively, they need a router to do so.
Also, ACLs can filter IP addresses but they DO NOT route IPs.
Am I not understanding your question? I do apologize if that is the case...