switch(config)#vlan access-map deny_traffic - define a access map for vlan
switch(config-access-map)#action drop/forward - put in action drop or forward
switch(config-access-map)#match ip address 101 - match access list 101
switch(config)#access-list 101 permit ip host 192.168.2.2 host 192.168.2.3
switch(config)#vlan filter deny_traffic vlan-list 200 - filter out the vlan 200 host .2 to access .3
-------------------------------------------------------------------------------------------
switch(config)#interface fastethernet 0/2
switch(config-if)#switchport protected - it only able to access unprotected port
switch(config-if)#switchport block unicast
