What to use? Standard ACL or VACL

MrNick0483

IS-IT--Management
May 12, 2008
151
US
I currently have a Cisco 3750G doing all of my layer 3 for my network. The switch is configured with a VLAN for each of my four remote locations that are connected back to our data center via fiber:

VLAN 36 10.36.0.1 (Server Vlan)
VLAN 56 10.36.56.1
VLAN 128 10.36.128.1
VLAN 64 10.36.64.1
VLAN 80 10.36.80.1

What I would like to accomplish is to deny VLANs 56, 128, 64 and 80 from being able to access each other but still be able to have access to VLAN 36. I am a little unsure of the ACL I would need and what to deny and permit. Thanks for the help.
 
If you want to permit all traffic to/from VLAN 36 and elsewhere, but deny all other traffic between the other VLANs:
Code:
access-list 101 permit ip any 10.36.0.0 0.0.0.255
access-list 101 deny ip any 10.36.0.0 0.0.255.255
access-list 101 permit ip any any

! Apply ACL 101 inbound on the SVI of each remote-site VLAN
interface Vlan56
 ip access-group 101 in
interface Vlan128
 ip access-group 101 in
interface Vlan64
 ip access-group 101 in
interface Vlan80
 ip access-group 101 in
Note that this will deny all IP traffic to subnets beginning with 10.36.x.x, so just be aware that any future VLANs that you add in the 10.36.x.x range will be subject to this ACL. You could get more granular and specify a separate ACE for each subnet in the ACL as opposed to the 10.36.0.0 0.0.255.255 statement.

This is the easiest way I can think of off of the top of my head.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
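
The ACL from the answer above, run through a small first-match evaluator to show which destinations a host in VLAN 56 can reach. This is an added example, not part of the original thread; the sample destination addresses are constructed, and the subnet masks of the VLANs are not stated in the thread.

```python
import ipaddress

# ACL 101 exactly as posted in the thread: (action, destination, wildcard mask).
# The source is "any" in every entry, so only the destination is matched.
ACL_101 = [
    ("permit", "10.36.0.0", "0.0.0.255"),
    ("deny", "10.36.0.0", "0.0.255.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),  # "any"
]


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: a 0 bit must match, a 1 bit is ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def evaluate(acl, dst):
    """First matching entry wins; return (action, 1-based entry index)."""
    for index, (action, base, wildcard) in enumerate(acl, start=1):
        if wildcard_match(dst, base, wildcard):
            return action, index
    return "deny", None  # implicit deny at the end of every IOS ACL


# Constructed destinations, as seen from a host in VLAN 56.
SAMPLES = {
    "10.36.0.20": "server VLAN 36",
    "10.36.64.10": "VLAN 64",
    "10.36.128.10": "VLAN 128",
    "10.36.56.1": "VLAN 56 gateway address (SVI), also in the deny range",
    "10.36.96.10": "hypothetical future 10.36.x.x VLAN",
    "10.36.1.20": "server VLAN only if it is wider than /24 (mask not given)",
    "192.0.2.10": "outside 10.36.0.0/16",
}


def report(acl=ACL_101, samples=SAMPLES):
    """Map each sample destination to the (action, entry) that decides it."""
    return {dst: evaluate(acl, dst) for dst in samples}


if __name__ == "__main__":
    for dst, (action, index) in report().items():
        print(f"{dst:<14} {action:<6} entry {index}  # {SAMPLES[dst]}")
```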
 