06-05-2012 10:26 PM - edited 03-07-2019 07:05 AM
Hi All,
We have a network of 30 VLANs and currently all the VLANs have access to everything. We are using a Cisco 6509 switch for Layer 3 routing.
I would like to prevent some VLANs from accessing the server VLANs. Can anyone advise how I can restrict access to the server VLANs?
Do I need to implement access-lists on the 6500 switch? Or do I need to create VLANs on the firewall so that all traffic is filtered?
Thanks
Jay
06-05-2012 11:20 PM
Use an ACL on this Layer 3 switch to block some VLANs from accessing the server VLAN.
Regards
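The ACL approach suggested above, as an added example that is not part of the original posts: an extended ACL applied inbound on the SVI of a user VLAN, so traffic is filtered as it enters the Layer 3 switch on its way to the server VLAN. The VLAN numbers, subnets, host addresses, permitted services and ACL name are constructed for illustration.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   VLAN 20  = user VLAN,   10.1.20.0/24
!   VLAN 100 = server VLAN, 10.1.100.0/24
!
ip access-list extended VLAN20-TO-SERVERS
 remark Allow only the services users actually need in the server VLAN
 permit tcp 10.1.20.0 0.0.0.255 host 10.1.100.10 eq 443
 permit udp 10.1.20.0 0.0.0.255 host 10.1.100.53 eq domain
 remark Block everything else from VLAN 20 to the server VLAN
 deny ip 10.1.20.0 0.0.0.255 10.1.100.0 0.0.0.255
 remark Leave traffic to all other destinations unchanged
 permit ip any any
!
! Apply inbound on the user VLAN's SVI: packets are checked when they
! arrive from VLAN 20 hosts, before they are routed towards VLAN 100.
interface Vlan20
 ip access-group VLAN20-TO-SERVERS in
```

These ACLs are stateless and match only traffic sourced from VLAN 20, so any other unicast service that users need in the server VLAN (DHCP renewals, for instance) needs its own permit line above the deny. `show access-lists VLAN20-TO-SERVERS` shows the per-entry match counters once the ACL is applied.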
06-05-2012 11:26 PM
You can use both solutions, but with everything in one routing domain it will be somewhat cumbersome to allow exactly the traffic that you want. There is a third option, namely to place the VLANs which need to be filtered in a different context using VRF-lite.
You may then use the firewall to route and filter traffic. Please check this example:
http://www.cisco.com/en/US/products/hw/modules/ps2797/products_tech_note09186a0080b6216e.shtml
regards,
Leo
06-06-2012 06:08 PM
Thank you for the reply guys.
Can you confirm if the access-lists will go under the VLAN interfaces on the 6500 switch?
Thanks
Jay