Dear Cisco Users/experts,
I'm not sure if I posted in the right forum, but it's about ACLs and switching, so...
Currently I'm configuring our new network:
2x 3750G (WS-C3750G-24-TS) in a stack, so it's one switch logically.
2x 2960G (WS-C2960G-48-TC-L)
There are separated vlans: servers, internet, management, per department vlans. I'm using inter-vlan routing.
Let's say that the management network is vlan 4. Only the IT vlan may access the management vlan. Therefore I've created an ACL:
! Standard ACL 3: only the IT vlan (192.168.21.0/24) is permitted; everything else hits the implicit deny
access-list 3 permit 192.168.21.0 0.0.0.255
! Management vlan SVI (vlan 4) with the ACL applied outbound
interface Vlan4
 ip address 192.168.4.1 255.255.255.0
 ip access-group 3 out
The ACL works, clients can't ping 192.168.4.2 (access switch1), .3, .4, etc. but they can ping 192.168.4.1, and therefore gain access to the stack.
So the ACL works, but it's still possible to ping the vlan IP address.
How can I secure my management network?
The config is attached.
Thanks in advance
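The behaviour described in the post comes from how IOS applies interface ACLs: an "out" ACL on an SVI is only checked for packets that are routed out of that SVI, so a packet addressed to the SVI's own address (192.168.4.1) is delivered to the switch itself and never passes the Vlan4 outbound ACL. Packets are checked against the "in" ACL of the interface they arrive on, including packets destined to the switch. The following is an added example of filtering at ingress instead, not the poster's attached config; the interface names and the 192.168.10.0/24 department address are assumptions, as is the use of Vlan21 for the IT vlan.

```cisco
! Added example, not the poster's configuration.
! Assumed: Vlan10 is a department vlan (192.168.10.0/24),
!          Vlan21 is the IT vlan (192.168.21.0/24),
!          Vlan4  is management (192.168.4.0/24), SVI 192.168.4.1.
!
! Weak setting (what the post applies): an outbound ACL on the management SVI.
! It filters traffic forwarded out of Vlan4, but a ping to 192.168.4.1 itself
! terminates on the switch and is never forwarded out of Vlan4, so it passes.
interface Vlan4
 ip address 192.168.4.1 255.255.255.0
 ip access-group 3 out
!
! Corrected setting: filter on ingress of every non-IT vlan. Inbound ACLs are
! evaluated for all arriving packets, including those addressed to any SVI of
! the stack, so the whole management range is blocked at the source.
ip access-list extended DEPT-IN
 remark Deny everything to the management range, including the Vlan4 SVI
 deny   ip any 192.168.4.0 0.0.0.255
 permit ip any any
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 ip access-group DEPT-IN in
!
! Management plane: the stack answers on every SVI address (192.168.10.1,
! 192.168.21.1, ...), not only 192.168.4.1, so also restrict remote login
! to the IT vlan with a VTY access-class. Standard ACL 3 from the post is reused.
access-list 3 permit 192.168.21.0 0.0.0.255
line vty 0 15
 access-class 3 in
```

Apply DEPT-IN inbound on every department SVI, and leave the IT vlan SVI (Vlan21) without it so IT keeps its access. The access-class is worth keeping even with the ingress ACLs, because a client in any vlan can still reach its own gateway address and, with it, the stack's management services unless those are limited per line or per service as well.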