Novelluser
Technical User
We have two core 4506 switches, these feed a number of 3750’s
Stack1 : 3 3750’s connected with custom Cisco cable
Stack2 : 2 3750’s connected with custom Cisco cable
Stack3 – a single 3750 on its own (at present)
We have 8 internal VLANs : 172.33.1.0, .2.0, .3.0 etc
What we want to do is add ACLs so that
172.33.1.0 can talk to any other subnet
172.33.5.0 (IT) can talk to any other subnet)
But the other subnets have “1 way” communication :
172.33.3.0 can talk to 172.33.1.0 (for server access)
172.33.2.0 can talk to 172.33.1.0 (for server access)
172.33.4.0 can talk to 172.33.1.0 (for server access)
Etc – effectively stopping a marketing PC on subnet 4 talking to a Finance PC on subnet 6
Question we have is :
If I trunk a number of subnets down to the Stacked Edge layer switches, Can I ACL on the edge layer switches to stop each subnet talking to the other ones as needed ? Or is this only do-able on the core switches ? the stacks are uplinked via a single connection to each Core switch.
Stack1 : 3 3750’s connected with custom Cisco cable
Stack2 : 2 3750’s connected with custom Cisco cable
Stack3 – a single 3750 on its own (at present)
We have 8 internal VLANs : 172.33.1.0, .2.0, .3.0 etc
What we want to do is add ACLs so that
172.33.1.0 can talk to any other subnet
172.33.5.0 (IT) can talk to any other subnet)
But the other subnets have “1 way” communication :
172.33.3.0 can talk to 172.33.1.0 (for server access)
172.33.2.0 can talk to 172.33.1.0 (for server access)
172.33.4.0 can talk to 172.33.1.0 (for server access)
Etc – effectively stopping a marketing PC on subnet 4 talking to a Finance PC on subnet 6
Question we have is :
If I trunk a number of subnets down to the Stacked Edge layer switches, Can I ACL on the edge layer switches to stop each subnet talking to the other ones as needed ? Or is this only do-able on the core switches ? the stacks are uplinked via a single connection to each Core switch.
