04-12-2013 07:49 AM - edited 03-07-2019 12:47 PM
Hi,
We have a 5510 and a L3 3750x stack. I have inter-VLAN routing set up and working, but on certain VLANs I'd like to filter certain traffic. I know you can use an access map to essentially stop inter-VLAN, but I'd like to keep certain traffic up and others blocked. Is this currently possible?
An example that matches this is
VLAN1 is users
VLAN2 is servers
VLAN3 is dev
I want users to access servers, but only certain things on dev (like a file server for testing). Is there a way to do this?
04-12-2013 10:34 AM
The Inter-VLAN routing is being performed on the 3750 stack?
If you want to control inter-VLAN traffic, you could use something like PBR to force the traffic to route toward the ASA prior to the 3750 making a routing decision.
If that solution is not desirable, you could use simple ACLs on the 3750 stack in order to manage the policy between VLANs. This solution will more than likely be clunky and a bit more difficult to manage; however, it may be the easiest option.
Hopefully this answers your question!
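Added example, not part of the original thread: one way the "simple ACLs on the 3750 stack" option could look for the users/servers/dev layout in the question, using routed ACLs on the SVIs. The subnets, the file server address, the SMB port and the ACL names are constructed assumptions, and the DEV-IN list goes beyond the question by also stopping dev from opening connections into the users VLAN.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   VLAN1 users   10.0.1.0/24
!   VLAN2 servers 10.0.2.0/24
!   VLAN3 dev     10.0.3.0/24, test file server 10.0.3.10 (SMB, tcp/445)
!
! Traffic entering the switch from the users VLAN
ip access-list extended USERS-IN
 remark users may reach only SMB on the dev file server
 permit tcp 10.0.1.0 0.0.0.255 host 10.0.3.10 eq 445
 remark all other users-to-dev traffic is dropped
 deny   ip 10.0.1.0 0.0.0.255 10.0.3.0 0.0.0.255
 remark servers and everything else stay routed as before
 permit ip any any
!
! Traffic entering the switch from the dev VLAN
ip access-list extended DEV-IN
 remark replies from the file server to sessions users opened
 permit tcp host 10.0.3.10 eq 445 10.0.1.0 0.0.0.255 established
 remark dev may not open connections into the users VLAN
 deny   ip 10.0.3.0 0.0.0.255 10.0.1.0 0.0.0.255
 permit ip any any
!
interface Vlan1
 ip access-group USERS-IN in
!
interface Vlan3
 ip access-group DEV-IN in
```

These ACLs are stateless: `established` only matches TCP segments with the ACK or RST flag set, so it filters on flags rather than tracking connections, which is the trade-off against sending the traffic through the ASA.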
04-12-2013 10:40 AM
The inter-VLAN routing is being performed on the 3750 stack. We have a VM environment doing VST-based switching, which have trunks to the ports they connect to on the 3750s.
We DO have a 1921 router with gig interfaces, thinking maybe a router-on-a-stick type solution may be best, and set the next hop on those certain VLANs to that router, and controlling the ACLs there.
Got any good docs on the ACLs?