05-21-2008 04:39 AM - edited 03-05-2019 11:07 PM
Hi,
I have a pretty simple network setup with multiple VLANs only using Static routing. We only have one default static pointing outbound. There are a few VLANs such as a "backup" network and "iscsi" network that we'd rather not have reachability to and from the rest of the network, since no one besides IT really needs to reach it.
I was thinking of just allowing icmp/snmp/etc inbound on those particular SVIs for NetOps, but I wanted to know what other options or ideas anyone else has.
Thanks,
JayE
05-21-2008 04:48 AM
If you are after additional L2 isolation you could make use of Private VLANs.
HTH
Sam
05-21-2008 05:28 AM
I'm not after L2 isolation. Just don't want those subnets to be accessible or routable to anyone but the IT departments. Just wondering if there is anything else besides ACLs...maybe something with routing?
05-21-2008 10:31 AM
If your IT staff is in their own VLAN/subnet, you can set up policy routing/black hole routing to route traffic from the user subnets to the protected subnets to null0.
05-21-2008 10:43 AM
That makes sense. I would just have to source route everything to null 0 except the IT subnet. That would work.
I think I'm going to just stick to ACLs. I've been testing it today and it's not as bad as I thought and I may even isolate mgmt traffic to a single NMS box which would simplify the config even more.
Thanks for the suggestion!
JayE
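The two approaches discussed in this thread, side by side, as an added example that is not part of any poster's message or configuration. All VLAN numbers, subnets, the NMS address and the ACL/route-map names are constructed placeholders.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   Vlan10  users    10.0.10.0/24
!   Vlan50  IT       10.0.50.0/24
!   Vlan60  NMS host 10.0.60.10
!   Vlan200 backup   10.0.200.0/24
!   Vlan201 iscsi    10.0.201.0/24
!
! --- Option A: ACL on the protected SVIs -------------------------
! "out" on an SVI filters packets the switch routes INTO that VLAN,
! so one ACL per protected SVI covers every source subnet.
ip access-list extended PROTECTED-VLAN-OUT
 remark IT subnet keeps full reachability
 permit ip 10.0.50.0 0.0.0.255 any
 remark single NMS box: ping and SNMP polling only
 permit icmp host 10.0.60.10 any
 permit udp host 10.0.60.10 any eq snmp
 remark everything else routed toward this VLAN is dropped and logged
 deny ip any any log
!
interface Vlan200
 ip access-group PROTECTED-VLAN-OUT out
interface Vlan201
 ip access-group PROTECTED-VLAN-OUT out
!
! --- Option B: policy routing to Null0 ---------------------------
! Matches on destination; must be applied on EVERY non-IT SVI,
! because policy routing acts on the interface the packet arrives on.
ip access-list extended TO-PROTECTED
 permit ip any 10.0.200.0 0.0.0.255
 permit ip any 10.0.201.0 0.0.0.255
!
route-map BLACKHOLE-PROTECTED permit 10
 match ip address TO-PROTECTED
 set interface Null0
! Packets that match no route-map entry are routed normally.
!
interface Vlan10
 ip policy route-map BLACKHOLE-PROTECTED
! Vlan50 (IT) gets no policy, so it still reaches Vlan200/Vlan201.
```

Neither option filters traffic between hosts inside the same protected VLAN, and Option B leaves a gap whenever a new user SVI is added without the policy, whereas Option A fails closed.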