We have an installation with 20 VLANs distributed via VTP to all the switches we have. We have routing between VLANs enabled, so there is total access between VLANs.
But we would like to restrict access to the management VLAN. Using access-lists on the VLAN interfaces we managed to do so:
Y.Y.Y.Y --> management VLAN
X.X.X.X --> not a management VLAN
! block traffic from this VLAN into the management VLAN, allow everything else
access-list 100 deny ip X.X.X.X X.X.X.X Y.Y.Y.Y Y.Y.Y.Y
access-list 100 permit ip X.X.X.X X.X.X.X any
!
! applied inbound on the SVI of each non-management VLAN
interface VLAN X
 ip address X.X.X.X X.X.X.X
 ip access-group 100 in
But we would like to maintain access from the management VLAN to the rest of the VLANs, while at the same time preventing access from the rest of the VLANs to the management VLAN. With the access-list above, we are not getting this: we have no access from the management VLAN to the rest.
Any ideas? Is it possible without a firewall?
THANK YOU VERY MUCH
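The reason the ACL above breaks sessions opened from the management VLAN is that a plain extended ACL on IOS is stateless: the reply packets of an SSH or HTTPS session that a management host started are, from the user VLAN's point of view, just "user VLAN to management VLAN" traffic, and the deny line drops them. The usual firewall-free fix is the `established` keyword, which matches only TCP segments with the ACK or RST bit set, so replies to sessions initiated from the management side get through while new connection attempts (SYN only) toward the management VLAN are dropped. The following configuration is an added illustration, not part of the original post; the addresses (10.10.10.0/24 as the management VLAN, 10.10.20.0/24 as one of the user VLANs), the ACL name and the interface numbers are assumptions for the example.

```cisco
! Hypothetical addressing for the example:
!   10.10.10.0/24 = management VLAN (SVI Vlan10)
!   10.10.20.0/24 = one ordinary user VLAN (SVI Vlan20)
!
ip access-list extended USERS-TO-MGMT
 remark -- replies to TCP sessions that were opened FROM the management VLAN
 remark -- (established = ACK or RST bit set; a bare SYN does not match)
 permit tcp any 10.10.10.0 0.0.0.255 established
 remark -- replies to pings sent from the management VLAN
 permit icmp any 10.10.10.0 0.0.0.255 echo-reply
 remark -- everything else aimed at the management VLAN is dropped
 deny ip any 10.10.10.0 0.0.0.255
 remark -- traffic between the other VLANs stays fully open
 permit ip any any
!
! The source is "any", so the same list is applied inbound on the SVI of
! every non-management VLAN; the management SVI itself carries no filter.
interface Vlan20
 ip address 10.10.20.1 255.255.255.0
 ip access-group USERS-TO-MGMT in
!
interface Vlan10
 description management VLAN - no inbound filter, sessions may be opened from here
 ip address 10.10.10.1 255.255.255.0
```

Two caveats a practitioner should keep in mind. First, `established` is not real state tracking: any host on a user VLAN can still deliver a packet with the ACK bit set into the management VLAN, which is enough for ACK-based port scanning and for mapping which management addresses are alive, so this is a convenience boundary rather than a security boundary. Second, it only covers TCP and the one ICMP type listed; UDP services driven from the management VLAN (SNMP polls, TFTP, NTP) get no return path unless their reply ports are permitted explicitly, which widens the hole further. Where the platform supports it, a reflexive ACL (`reflect` on the management SVI's inbound list, `evaluate` on the user SVIs) gives genuinely stateful return-traffic handling without a separate firewall; many hardware-switching Catalyst platforms do not, which is when a firewall or zone-based policy on a routing device becomes the correct answer.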