My workplace is wanting to get into further segmentation of resources via ACLs. For example, we would like to segment user labs in a way that allows them to specifically not be able to interact with our servers in any way, shape, or form. However, I am curious about people's thoughts on the location of the ACLs being placed.
Our architecture generally consists of a multi-layer switch which is used as our network core and multiple IDFs spread across a physical location. Our servers are generally located in the same physical location/room as the core switch. Would it make more sense for us to put the ACLs in place at the switch closest to user labs, or would it make more sense for the ACLs to be placed on the multi-layer core?
Thanks for any advice in advance!