Configuring ACLs to Isolate VLANs on S7706 (Layer 3)
This article explains how to use ACLs on a Huawei S7706 device to prevent inter-VLAN communication at Layer 3 by defining a separate ACL number for each VLAN and applying each one with a traffic-filter command in the inbound direction of that VLAN's interface.
The goal is to block traffic between VLAN 2 (192.168.2.0/24), VLAN 3 (192.168.3.0/24) and VLAN 4 (192.168.4.0/24) on an S7706 switch using Layer 3 ACLs.
Define the ACLs:
acl number 3002
 rule deny ip source 192.168.2.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
 rule deny ip source 192.168.2.0 0.0.0.255 destination 192.168.4.0 0.0.0.255
acl number 3003
 rule deny ip source 192.168.3.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
 rule deny ip source 192.168.3.0 0.0.0.255 destination 192.168.4.0 0.0.0.255
acl number 3004
 rule deny ip source 192.168.4.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
 rule deny ip source 192.168.4.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
Apply the ACLs to the VLAN interfaces using traffic‑filter commands:
traffic-filter vlan 2 inbound acl 3002
traffic-filter vlan 3 inbound acl 3003
traffic-filter vlan 4 inbound acl 3004
After these configurations, VLAN 2, VLAN 3, and VLAN 4 cannot communicate with each other, while other traffic (e.g., to upstream routers) remains unaffected.
Practical DevOps Architecture