Hi, I'm not too experienced with ACLs, so I come here seeking your help.
Recently we had a security audit performed, and one of the items that was highlighted was that the production VLAN can see the management VLANs (i.e. SAN, VM hosts, security cameras). So I need to block this access with an ACL for the majority of our users, but still need to exclude some members of our department.
So after doing some research I have come up with this.
---
interface vlan 1
ip address 10.113.0.1 255.255.0.0
ip access-group BAN_VLAN_2 in
!
interface vlan 2
ip address 10.111.0.1 255.255.0.0
!
interface vlan 3
ip address 10.114.0.1 255.255.0.0
ip access-group BAN_VLAN_2 in
!
ip access-list extended BAN_VLAN_2
deny ip 10.111.0.0 0.0.255.255 any
permit ip any any
---
VLAN 2 being my general VLAN.
Is there a better way of doing this? If so, how?
Thanks!
Matthew
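One way to structure the restriction, as an added example that is not part of the original post: the ACL is applied inbound on the production SVI (VLAN 2), where packets sourced from production hosts actually enter the router, with the admin exceptions listed before the deny lines. It assumes VLAN 2 (10.111.0.0/16) is the production VLAN, VLANs 1 and 3 (10.113.0.0/16 and 10.114.0.0/16) hold the management systems, and that the two admin workstation addresses are placeholders to be replaced with the real (statically assigned) ones.

```cisco
! Added example, not the original poster's config. Admin host addresses
! (10.111.50.10 and 10.111.50.11) are placeholders; give the real admin
! workstations static addresses or DHCP reservations so the exceptions hold.
ip access-list extended PROD_TO_MGMT
 remark Admin workstations keep access to the management networks
 permit ip host 10.111.50.10 10.113.0.0 0.0.255.255
 permit ip host 10.111.50.10 10.114.0.0 0.0.255.255
 permit ip host 10.111.50.11 10.113.0.0 0.0.255.255
 permit ip host 10.111.50.11 10.114.0.0 0.0.255.255
 remark Everyone else on the production VLAN is blocked from management
 deny   ip 10.111.0.0 0.0.255.255 10.113.0.0 0.0.255.255 log
 deny   ip 10.111.0.0 0.0.255.255 10.114.0.0 0.0.255.255 log
 remark All other traffic (internet, other VLANs) is unaffected
 permit ip any any
!
! Apply inbound on the production SVI. An ACL matching source 10.111.x.x
! applied inbound on Vlan1 or Vlan3 never matches, because packets arriving
! there are sourced from 10.113.x.x / 10.114.x.x hosts.
interface Vlan2
 ip address 10.111.0.1 255.255.0.0
 ip access-group PROD_TO_MGMT in
```

After applying it, `show access-lists PROD_TO_MGMT` shows per-line hit counters, so a test from an ordinary production host should increment the deny lines while a test from an admin workstation increments the matching permit line; the `log` keyword also records blocked attempts for the audit trail.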