Question : Setting up Access List on Catalyst 4506, IOS version 12.1(20)EW2

I am setting up two external networks and one internal network on a Catalyst 4506.

Internal Network: VLAN1 - 172.16.0.0/16
External Network: VLAN2 - 10.138.56.79/24
                  VLAN3 - 10.138.58.161/28

How do I set up an access list to prevent the two external networks from talking to the internal network? I know on a router, I don't need to set up an access list to achieve this.

Answer : Setting up Access List on Catalyst 4506, IOS version 12.1(20)EW2

Actually, on a router you would indeed have to set up an ACL to achieve this. The 4506 configuration would be the same as it would be on a router. The ACL would just be applied to a VLAN interface as opposed to a FastEthernet/Ethernet/Serial interface on the router. The PIX firewall is the one that blocks traffic by default from a low security to a high security interface.
The ACL you would need would be something like:
!
! Numbered extended ACLs (100-199) need a protocol keyword after the action.
! The source networks are written on their network boundaries (the wildcard
! mask ignores the host bits anyway). The trailing "permit ... any" is needed
! because every ACL ends with an implicit "deny any".
access-list 101 deny ip 10.138.56.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 101 permit ip 10.138.56.0 0.0.0.255 any
access-list 102 deny ip 10.138.58.160 0.0.0.15 172.16.0.0 0.0.255.255
access-list 102 permit ip 10.138.58.160 0.0.0.15 any
!
interface VLAN2
   ip access-group 101 in
!
interface VLAN3
   ip access-group 102 in
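To check what the two access lists above actually do before applying them to the switch, here is an added example (not part of the original answer): a small Python evaluator that parses numbered extended ACL lines, applies IOS wildcard-mask matching (a mask bit of 1 means "don't care"), and falls through to the implicit deny at the end of every ACL. The ACL text and the sample packets are constructed for this example; the `ip` protocol keyword and the network-boundary source addresses are assumptions about the corrected configuration, and the evaluator looks only at source and destination addresses, not at ports.

```python
"""Evaluate Cisco wildcard-mask ACLs offline (added example, constructed input)."""
import ipaddress
from typing import Dict, List, Tuple

# Constructed copy of the two ACLs from the answer, with the protocol keyword
# that numbered extended ACLs require and source networks on their boundaries.
ACL_CONFIG = """
access-list 101 deny ip 10.138.56.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 101 permit ip 10.138.56.0 0.0.0.255 any
access-list 102 deny ip 10.138.58.160 0.0.0.15 172.16.0.0 0.0.255.255
access-list 102 permit ip 10.138.58.160 0.0.0.15 any
"""

MASK32 = 0xFFFFFFFF
Entry = Tuple[str, str, Tuple[int, int], Tuple[int, int]]  # action, proto, src, dst


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def _parse_addr(tokens: List[str], i: int) -> Tuple[Tuple[int, int], int]:
    """Parse 'any' | 'host A.B.C.D' | 'A.B.C.D W.W.W.W' at tokens[i]; return ((addr, wild), next)."""
    if tokens[i] == "any":
        return (0, MASK32), i + 1
    if tokens[i] == "host":
        return (_ip(tokens[i + 1]), 0), i + 2
    return (_ip(tokens[i]), _ip(tokens[i + 1])), i + 2


def parse_acls(config: str) -> Dict[str, List[Entry]]:
    """Return {acl_number: [entries in configured order]} from 'access-list' lines."""
    acls: Dict[str, List[Entry]] = {}
    for line in config.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list" or tokens[1].startswith("!"):
            continue
        number, action, proto = tokens[1], tokens[2], tokens[3]
        src, i = _parse_addr(tokens, 4)
        dst, _ = _parse_addr(tokens, i)
        acls.setdefault(number, []).append((action, proto, src, dst))
    return acls


def _matches(pkt: int, addr: int, wild: int) -> bool:
    # Compare only the bits the wildcard mask marks as 0 ("must match").
    care = ~wild & MASK32
    return (pkt & care) == (addr & care)


def normalize(addr: str, wild: str) -> str:
    """The address IOS effectively matches on: host bits under the wildcard cleared."""
    return str(ipaddress.IPv4Address(_ip(addr) & ~_ip(wild) & MASK32))


def evaluate(acl: List[Entry], src: str, dst: str) -> str:
    """First matching entry wins; no match means the implicit 'deny any any'."""
    s, d = _ip(src), _ip(dst)
    for action, _proto, (sa, sw), (da, dw) in acl:
        if _matches(s, sa, sw) and _matches(d, da, dw):
            return action
    return "deny"


def demo() -> Dict[str, str]:
    """Run a few constructed packets through the ACLs as applied inbound on VLAN2/VLAN3."""
    acls = parse_acls(ACL_CONFIG)
    return {
        # VLAN2 host reaching into the internal network: blocked.
        "vlan2->internal": evaluate(acls["101"], "10.138.56.79", "172.16.1.10"),
        # VLAN2 host reaching somewhere else: allowed by the trailing permit.
        "vlan2->elsewhere": evaluate(acls["101"], "10.138.56.79", "192.0.2.10"),
        # VLAN3 host (inside the /28) reaching internal: blocked.
        "vlan3->internal": evaluate(acls["102"], "10.138.58.161", "172.16.200.1"),
        # VLAN3 host reaching the other external VLAN: not blocked by this ACL.
        "vlan3->vlan2": evaluate(acls["102"], "10.138.58.170", "10.138.56.5"),
        # Source outside the /28 arriving on VLAN3 (e.g. spoofed): implicit deny.
        "spoofed-on-vlan3": evaluate(acls["102"], "10.138.58.180", "198.51.100.1"),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18} {verdict}")
    print("10.138.58.161 with 0.0.0.15 matches as", normalize("10.138.58.161", "0.0.0.15"))
```

Two things the run makes visible that the bare configuration does not: the inbound ACL is stateless, so a reply from 10.138.56.79 to a connection that an internal 172.16.x.x host opened is dropped just like an unsolicited packet (there is no "established" or reflexive handling here), and the two external VLANs are still free to talk to each other unless a further entry denies that.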