Hello Cynthia,
What you are looking for are not just ACLs but what are referred to as VACLs, i.e. VLAN ACLs. These are configured a bit differently from the usual ACL in that you use VLAN mapping.
VACLs are very tricky; I shall point out why shortly. I shall also show you how to do it on one VLAN, i.e. vlan2, then you can do it on the others. Consult me offlist for more.
I shall take the case of VLAN 2 and use named ACLs (I prefer them because of reading the config file).
1) Create ACLs to permit and deny traffic to vlan2 from other VLANs and also from vlan2 to other VLANs:
ip access-list extended vlan3_to_vlan2
          permit all you want
ip access-list extended vlan4_to_vlan2
          permit all you want
ip access-list extended vlan5_to_vlan2
          permit all you want
ip access-list extended vlan6_to_vlan2
          permit all you want
ip access-list extended vlan2_to_otherVlans
          permit all you want
2) Now, once done with the above ACLs, create access-maps for them. Note that for_vlan2 is the map name and the other value is the sequence number, i.e. 10 - 14. This is where it is tricky, where you deny traffic here with the action command yet you had permitted it above in the ACL.
vlan access-map for_vlan2 10
  match ip address vlan3_to_vlan2
  action forward
  exit
vlan access-map for_vlan2 11
  match ip address vlan4_to_vlan2
  action forward
  exit
vlan access-map for_vlan2 12
  match ip address vlan5_to_vlan2
  action forward
  exit
vlan access-map for_vlan2 13
  match ip address vlan6_to_vlan2
  action forward
  exit
vlan access-map for_vlan2 14
  match ip address vlan2_to_otherVlans
  action forward
  exit
3) Once the access-maps are done for the ACLs that you created, it is time to apply them to the VLAN interface. The command to apply the above access-map for_vlan2 to vlan2 is as below:
# vlan filter for_vlan2 vlan-list 2
After that you are done and you can now test access to vlan2 to confirm all is OK.
Cheers man
Themburu
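
The match/action split described in step 2, as an added example that is not part of the original message: a small Python model of how a VLAN access-map is evaluated, using the host and server addresses from the question in this thread. The /24 and /27 masks, the ACL names vlan2_servers, vlan2_local and other_vlans, and the sequence numbers 10 to 30 are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data. Addresses come from the question in this thread
# (VLAN 2 host 192.168.3.100, VLAN 3 host 192.168.1.100, servers 172.16.1.10-30);
# the /24 and /27 masks and the ACL names are assumptions.
ACLS = {
    # Both directions are listed: a VACL sees every packet in the VLAN,
    # not just one direction on one interface.
    "vlan2_servers": [
        ("permit", "192.168.3.0/24", "172.16.1.0/27"),
        ("permit", "172.16.1.0/27", "192.168.3.0/24"),
    ],
    "vlan2_local": [("permit", "192.168.3.0/24", "192.168.3.0/24")],
    # "permit" here only selects the traffic; the map below drops it.
    "other_vlans": [("permit", "192.168.0.0/16", "192.168.0.0/16")],
}

# (sequence, ACL name, action), mirroring "vlan access-map for_vlan2 <seq>".
ACCESS_MAP = [
    (10, "vlan2_servers", "forward"),
    (20, "vlan2_local", "forward"),
    (30, "other_vlans", "drop"),
]

def acl_matches(acl, src, dst):
    """First ACE that covers the packet decides: permit = match, deny = no match."""
    for verdict, src_net, dst_net in acl:
        if ip_address(src) in ip_network(src_net) and ip_address(dst) in ip_network(dst_net):
            return verdict == "permit"
    return False  # implicit deny at the end of the ACL: this clause does not match

def vacl_decision(src, dst, access_map=ACCESS_MAP, acls=ACLS):
    """Walk the map in sequence order; return (action, sequence that decided)."""
    for seq, name, action in sorted(access_map):
        if acl_matches(acls[name], src, dst):
            return action, seq
    # No clause matched: IP traffic is dropped once the map has any IP match clause.
    return "drop", None

if __name__ == "__main__":
    for pkt in [("192.168.3.100", "172.16.1.10"), ("192.168.3.100", "192.168.1.100")]:
        print(pkt, vacl_decision(*pkt))
```

The last return is the part that catches people out: a map whose clauses all say `action forward` still drops any IP packet that none of its ACLs permit.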
On Wed, Oct 14, 2009 at 11:09 AM, techi <myskunkworks@gmail.com> wrote:
Thanks Aki. This is good info.

@Cynthia: If you still want to use ACLs, check:

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sga/configuration/guide/secure.html

You can actually do ACLs at layer 2 (using MAC address)



On Wed, Oct 14, 2009 at 10:35 AM, Cynthia Wahome <cwahome@jambo.co.ke> wrote:
Thanks a lot, Aki.


> On Wed, Oct 14, 2009 at 9:25 AM, Cynthia Wahome <cwahome@jambo.co.ke>
> wrote:
>
>>  Hi All,
>> I have 5 VLANs in my network configured in my L3 switch 4500. currently
>> all VLANs can ping and reach each others,  means 192.168.3.100 host in
>> my
>> vlan2 can reach 192.168.1.100 which is vlan3. I want to create an ACL in
>> my L3 switch to deny the Vlans to access or ping each other, I just want
>> them to access my servers 172.16.1.10 - 172.16.1.30 which are in the
>> default Vlan1. can someone advise me which the commands and where to
>> apply
>> them in the L3 switch.
>>
>> Thanks
>>
>
> Hey Cynthia, I've no experience on Cisco layer3 but worked on Dlink layer
> 3.
> However, pls go to the link below, Cisco has provided all the info about
> configuring Private VLANs and also enable routing. It has also given the
> commands for the ports, which will help. HTHs.
>
> http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/19ew/configuration/guide/pvlans.html
>
> http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/19ew/configuration/guide/l3_int.html#wp1029700
>
> ----------------------------------------------
> This message has been scanned for viruses and
> dangerous content by Jambo MailScanner, and is
> believed to be clean.
> ---------------------------------------------
> "easy access to the world"
>
> _______________________________________________
> Skunkworks mailing list
> Skunkworks@lists.my.co.ke
> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
> ------------
> Skunkworks Rules
> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
> ------------
> Other services @ http://my.co.ke
> Other lists
> -------------
> Announce:
> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce
> Science:  http://lists.my.co.ke/cgi-bin/mailman/listinfo/science
> kazi:     http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general






--
Conservatism is the adherence to the old tried against the new untried.