<div>
So to educate you a bit:<br />
1. Access lists have an &quot;implicit deny&quot; which means that when you create it, any traffic not specifically permitted will be blocked. that's why you have to have the permit statement at the end (in this case).<br />
2. You create the list and then apply it to the interface. &quot;In&quot; means in toward the router from the LAN and &quot;Out&quot; means out from the router to the LAN. So in this case we are saying that any traffic trying to exit the LAN through the router will be subject to the assigned access list.
</div>


So to educate you a bit:
1. Access lists have an "implicit deny" which means that when you create it, any traffic not specifically permitted will be blocked. that's why you have to have the permit statement at the end (in this case).
2. You create the list and then apply it to the interface. "In" means in toward the router from the LAN and "Out" means out from the router to the LAN. So in this case we are saying that any traffic trying to exit the LAN through the router will be subject to the assigned access list.

<div>
Thank you mikebernhardt,<br />
<br />
ACL was the answer!
</div>


Thank you mikebernhardt,

ACL was the answer!

<div>
<div class="content wysiwyg-content">
Assuming the following network:<br />
- Lan with vlan 10 (192.168.10.0) - servers vlan<br />
- Lan with vlan 20 (192.168.20.0) - desktops vlan<br />
- Lan with vlan 30 (192.168.30.0) - wireless vlan<br />
<br />
I need the following results:<br />
<br />
- VLAN 20 and 30 can reach vlan 10 (servers) to be able to use shared files, printers, and all shared things.<br />
- VLANs 20 and 30 can´t see each other (can´t ping and access shared files)<br />
<br />
I made a home lab, with my Cisco SG100 layer3 switch, but when I enable the router option, all VLANs can see ping &nbsp;each other, without an option to restrict a specific VLAN.<br />
<br />
What I need to do?
</div>
</div>


Assuming the following network:
- Lan with vlan 10 (192.168.10.0) - servers vlan
- Lan with vlan 20 (192.168.20.0) - desktops vlan
- Lan with vlan 30 (192.168.30.0) - wireless vlan

I need the following results:

- VLAN 20 and 30 can reach vlan 10 (servers) to be able to use shared files, printers, and all shared things.
- VLANs 20 and 30 can´t see each other (can´t ping and access shared files)

I made a home lab, with my Cisco SG100 layer3 switch, but when I enable the router option, all VLANs can see ping  each other, without an option to restrict a specific VLAN.

What I need to do?

Setting what network a VLAN can reach

A switch is a device that filters and forwards packets of data between LAN segments. Switches operate at the data link layer or the network layer of the Open Systems Interconnection (OSI) Reference Model and therefore support any packet protocol. LANs that use switches to join segments are called switched LANs or, in the case of Ethernet networks, switched Ethernet LANs. A hub is a connection point for devices in a network. Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports; when a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.