I'm using an SG300-28P as our VLAN interconnect between our ISP and firewalls as well as remote offices.
So there are several VLANs that we have on the unit:
101 10.1.x.x Internal Subnet
102 10.2.x.x Internal Subnet
10# 10.#.x.x Internal Subnet
192 192.168.0.x Subnet for Public Use in our Building
198 Our Public IP Address Space 1
204 Our Public IP Address Space 2
So obviously I want to be able to route between the 10.#.x.x subnets.
Though I don't want to route between the other subnets.
How can I set up the ACLs to make sure that someone on one of the three public subnets does not try to connect to the internal subnets?
Is it Allow All IP and then a Deny 192, 198, 204 as source to the 10# VLANs?
Or is it Deny 192, 198, 204 as source to the 10# VLANs, then Allow All IP (or Allow 10.1, 10.2, 10.#)?
Thanks,
Scott
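The two orderings asked about in the post, run through a small first-match ACL simulator. This is an added example, not part of the original post and not Cisco or SG300 code; it models only what every router-style ACL shares (ordered entries, first match wins, implicit deny at the end) and not the interface or direction the ACL is bound to. The VLAN table is constructed from the post: the 10.#.x.x ranges are assumed to be /16s, 192.168.0.x a /24, and because the two public blocks are not given, the RFC 5737 documentation prefixes 198.51.100.0/24 and 203.0.113.0/24 stand in for them (all assumptions). The `shadowed_entries` check is the thing to run on any ACL before applying it: it reports entries that can never match because an earlier entry already covers them.

```python
"""First-match ACL simulator for the VLAN layout in the post (added example)."""
import ipaddress
from typing import List, Tuple

# Constructed VLAN table from the post. /16 and /24 masks are assumed; the two
# public blocks are unknown, so RFC 5737 documentation prefixes stand in for them.
VLANS = {
    101: ipaddress.ip_network("10.1.0.0/16"),
    102: ipaddress.ip_network("10.2.0.0/16"),
    103: ipaddress.ip_network("10.3.0.0/16"),
    192: ipaddress.ip_network("192.168.0.0/24"),
    198: ipaddress.ip_network("198.51.100.0/24"),  # stand-in for public space 1
    204: ipaddress.ip_network("203.0.113.0/24"),   # stand-in for public space 2
}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")       # covers every 10.#.x.x VLAN
ANY = ipaddress.ip_network("0.0.0.0/0")
PUBLIC_VLANS = (192, 198, 204)

# An access-control entry: (action, source network, destination network).
Ace = Tuple[str, ipaddress.IPv4Network, ipaddress.IPv4Network]


def evaluate(acl: List[Ace], src: str, dst: str) -> str:
    """Router-style evaluation: the first ACE whose source AND destination both
    match decides the packet. If no ACE matches, the implicit deny that ends
    every ACL applies."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"


def shadowed_entries(acl: List[Ace]) -> List[int]:
    """Indexes of ACEs that can never match, because an earlier ACE already
    covers every source and destination they name. A deny in this list is a
    misordered rule: the traffic it was meant to block is already permitted."""
    shadowed = []
    for i, (_, src_net, dst_net) in enumerate(acl):
        for _, prev_src, prev_dst in acl[:i]:
            if src_net.subnet_of(prev_src) and dst_net.subnet_of(prev_dst):
                shadowed.append(i)
                break
    return shadowed


def public_to_internal_denies() -> List[Ace]:
    """One deny per public VLAN, sourced from that VLAN, destined to 10/8."""
    return [("deny", VLANS[v], INTERNAL) for v in PUBLIC_VLANS]


# Ordering 1 from the post: Allow All IP first, then the three denies.
PERMIT_FIRST: List[Ace] = [("permit", ANY, ANY)] + public_to_internal_denies()

# Ordering 2 from the post: the three denies first, then Allow All IP.
DENY_FIRST: List[Ace] = public_to_internal_denies() + [("permit", ANY, ANY)]

# Tighter variant of ordering 2: denies, then permit only 10.x <-> 10.x and let
# the implicit deny handle every other subnet pair (no routing between the
# public VLANs either).
INTERNAL_ONLY: List[Ace] = public_to_internal_denies() + [("permit", INTERNAL, INTERNAL)]


if __name__ == "__main__":
    flows = [("192.168.0.5", "10.1.0.10"), ("198.51.100.7", "10.3.0.1"),
             ("10.1.0.5", "10.2.0.5"), ("192.168.0.5", "203.0.113.9")]
    for name, acl in (("permit-first", PERMIT_FIRST), ("deny-first", DENY_FIRST),
                      ("internal-only", INTERNAL_ONLY)):
        print(f"{name}: shadowed ACE indexes = {shadowed_entries(acl)}")
        for src, dst in flows:
            print(f"  {src:>14} -> {dst:<14} {evaluate(acl, src, dst)}")
```

Running it shows the property the question turns on: with `PERMIT_FIRST`, all three deny entries are reported as shadowed and a public-VLAN host reaching 10.1.0.10 is permitted, because the permit-any entry matches first and evaluation stops there. With `DENY_FIRST` nothing is shadowed and the same flow is denied while 10.1 to 10.2 is still permitted. `INTERNAL_ONLY` additionally drops public-to-public traffic through the implicit deny, which is the only way the "don't route between the other subnets" requirement is met without a permit-any at the end.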