I am using this switch in my lab for testing. There are no other layer 3 devices in my lab besides this switch. If I go ahead and set up my VLANs, can I still use access lists to allow or deny connectivity between different ports (devices) on different VLANs on this layer 3 switch?
VLAN 1: 192.168.1.1
Device A: 192.168.1.10
Device B: 192.168.2.10
Device C: 192.168.2.11
Device D: 192.168.2.12
How do I restrict access between Device C and Device A? In other words, how can I let only Device B in VLAN2 communicate with Device A in VLAN1?
I know how to write the access list but am not sure about the exact command. Would it be something like:
Access-list 101 extended permit tcp 192.168.2.10 220.127.116.11
Access-list 101 extended permit ip 192.168.2.10 18.104.22.168
Where do I apply the access-group command?
Or should I use a standard access-list?
And since there is an implicit deny at the end of every access-list, all other nodes on VLAN2 will be denied accessing VLAN2, correct?
Thanks for your help.