Hello,
In our IT lab we are running two Nexus 5672UP devices configured with HSRP, a vPC peer link, and interface VLANs for our IP segments.
My question: what can I do to prevent routing between networks?
Our network is defined with three main IP segments:
172.16.0.0/16 for our main infrastructure
172.17.0.0/16 for our VMware cluster
172.18.0.0/16 for our different solutions
My objective is to define who can communicate with whom.
For example, network 172.17.1.0/24 shouldn't communicate with 172.17.10.0/24 because both are different solutions.
I found different solutions for this, but I'm not sure which one is the best.
1. I don't know, a nice solution for me would be to use a Cisco ASA 5510 or 5512-X to control traffic with ACL rules. The ASA would be the gateway for all networks, but my problem is that the maximum number of VLANs (subinterfaces) is 100 :(
And I think it's not possible to increase the number of VLANs by installing licenses?
2. Private VLAN: I don't know if this is a good idea for Nexus 5672 systems.
3. Using VRF on Nexus systems. But I think here I must also configure ACLs, and access lists are limited on Nexus because memory is the problem.
Does anybody have an idea what I can do?
Thanks for your replies.
regards
Matthias
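Added example, not from the original post: what option 3 (VRF-lite on NX-OS) looks like for the two subnets named above. Each solution's SVI is placed in its own VRF, so the Nexus pair has no route between 172.17.1.0/24 and 172.17.10.0/24 at all and no ACL is needed for that pair. The VLAN IDs, VRF names, HSRP group numbers and addresses are assumptions; the same configuration goes on both 5672UP peers with their own SVI addresses.

```text
! Added NX-OS example (VRF-lite). VLAN IDs, VRF names, HSRP groups and
! addresses are assumed; HSRP priorities/preempt are left at defaults.
feature interface-vlan
feature hsrp

vrf context SOLUTION-A
vrf context SOLUTION-B

vlan 101
  name Solution-A
vlan 110
  name Solution-B

! "vrf member" must come before "ip address": assigning the VRF removes
! any L3 configuration already present on the SVI.
interface Vlan101
  description Solution A - 172.17.1.0/24
  no shutdown
  vrf member SOLUTION-A
  ip address 172.17.1.2/24
  hsrp 101
    ip 172.17.1.1

interface Vlan110
  description Solution B - 172.17.10.0/24
  no shutdown
  vrf member SOLUTION-B
  ip address 172.17.10.2/24
  hsrp 110
    ip 172.17.10.1

! Checks: each VRF's routing table contains only its own subnet, and a
! ping across VRFs fails because there is no route, not because of an ACL.
show ip route vrf SOLUTION-A
show ip route vrf SOLUTION-B
ping 172.17.10.1 vrf SOLUTION-A
```

The caveat a practitioner would want: a VRF contains routing inside the Nexus pair rather than filtering it. If a solution subnet must still reach shared services in 172.16.0.0/16, that traffic has to leave its VRF either through an external firewall that has a leg in each VRF or through explicit route leaking, and that is where the policy (and any ACLs) would live.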