Chapter 9. Securing the network by using IP access control lists
In the last chapter, you configured IP routing and switched virtual interfaces (SVIs) to allow hosts on one subnet to talk to hosts on another. By default, IOS doesn’t restrict this sort of inter-VLAN communication. Any device on one subnet can reach any device on another, provided you’ve set up routing correctly.
If these were the 1990s, you could probably leave it at that. But security is a big deal nowadays, and many organizations require tight control over how traffic flows between devices. If you want to be taken seriously as a Cisco network administrator, you have to know how to configure your switches and routers to restrict IP traffic according to those requirements.