Configuring ACLs to Isolate VLANs on S7706 (Layer 3)
This article explains how to use ACLs on a Huawei S7706 device to prevent inter‑VLAN communication at Layer 3 by defining separate ACL numbers for each VLAN pair and applying them with traffic‑filter commands on the inbound direction of each VLAN interface.
The goal is to block traffic between VLAN 2 (192.168.2.0/24), VLAN 3 (192.168.3.0/24) and VLAN 4 (192.168.4.0/24) on an S7706 switch using Layer 3 ACLs.
Define the ACLs:
acl number 3002rule deny ip source 192.168.2.0 0.0.0.255 destination 192.168.3.0 0.0.0.255rule deny ip source 192.168.2.0 0.0.0.255 destination 192.168.4.0 0.0.0.255acl number 3003rule deny ip source 192.168.3.0 0.0.0.255 destination 192.168.2.0 0.0.0.255rule deny ip source 192.168.3.0 0.0.0.255 destination 192.168.4.0 0.0.0.255acl number 3004rule deny ip source 192.168.4.0 0.0.0.255 destination 192.168.2.0 0.0.0.255rule deny ip source 192.168.4.0 0.0.0.255 destination 192.168.3.0 0.0.0.255Apply the ACLs to the VLAN interfaces using traffic‑filter commands:
traffic-filter vlan 2 inbound acl 3002traffic-filter vlan 3 inbound acl 3003traffic-filter vlan 4 inbound acl 3004After these configurations, VLAN 2, VLAN 3, and VLAN 4 cannot communicate with each other, while other traffic (e.g., to upstream routers) remains unaffected.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Practical DevOps Architecture
Hands‑on DevOps operations using Docker, K8s, Jenkins, and Ansible—empowering ops professionals to grow together through sharing, discussion, knowledge consolidation, and continuous improvement.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.