I have about 20 routers connected to my 3750 Catalyst and they are all on the same network (172.16.2.0/24). My problem is that I need to block certain routers from seeing other routers on this switch. So, I figured I need to find some way to block certain ports from seeing certain ports and/or block traffic from certain ports to certain ports. In a nutshell, this is what I need to accomplish.
Port 44 Needs to see Ports 2 & 9 but should not see any other router on any other port.
Port 41 Needs to see Ports 2,4,5,42 but should not see any other router on any other port.
Port 9 Needs to see Ports 2,4,5,6,44 but should not see any other router on any other port.
We tried creating ACLs for this, though it did not work. Our Plan B was to implement Private VLANs, though from my understanding, Private VLANs will only solve a portion of the problem. I was wondering if anyone had ideas. My next step is to research a combination of Private VLANs and Port-Security and/or some kind of combination of Private VLANs/Port Security/Protected Ports.
Any ideas or suggestions would greatly be appreciated.