We have a 3662 router with an ATM card in it and 3 ethernet ports. The ATM had about 100 sub interfaces on it, and most of the regional sites are allowed to connect to just one of the networks on the ethernet side (say port 1). We have 1 ATM subinterface which maps to the second ethernet port, and another ATM subinterface maps to the third ethernet port.
We could consider it as three different customers using the same device to help describe the network layout and requirements. Traffic from one customer should not be able to get to the other customers' networks and vice versa. The ATM connections are either to frame circuits or to a layer 2 LAN service.
OSPF is running on the box on all subinterfaces to provide the routing information to the regional sites.
We were thinking of using access lists to prevent traffic from being crossed over from network to network and wanted to see if there might be a better way of doing this.
An example of a layer 2 LAN service sub int on the ATM is as follows:
interface ATM1/0.432 point-to-point
 description Connection to #12345
 bandwidth 10000
 ip address 10.250.2.170 255.255.255.248
 pvc farend 4/32
  ubr 10000
  inarp 10
  broadcast
  encapsulation aal5snap
!
Any suggestions?