I have 10 vlans created on a 4500 switch. I don't want intervlan communication; ip routing is enabled. I do not want to use private vlans because I want the switch to be in vtp server mode. SVI access lists will be too long to implement for 10 vlans. Is there a simple and shorter way to enable that restriction?
If you have routing enabled, and you have several SVIs, all of the traffic will be able to traverse every SVI on the switch. You'll need to create an acl for every SVI that you want to restrict.
You can use inbound or outbound acls depending on what you want to block, but there's not a shortcut unfortunately.
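The per-SVI ACL approach described in the reply above, as an added example that is not part of the original thread: a Python generator that emits one inbound extended ACL per user SVI, so the ACLs for ten VLANs do not have to be typed by hand. The VLAN numbers, subnets, ACL names and the choice of an admin VLAN are constructed assumptions.

```python
import ipaddress

# Constructed sample data: VLAN id -> subnet. VLAN 99 is the assumed admin VLAN.
SAMPLE_VLANS = {
    10: "10.0.10.0/24",
    20: "10.0.20.0/24",
    30: "10.0.30.0/24",
    99: "10.0.99.0/24",
}


def build_svi_acls(vlan_subnets, admin_vlan):
    """Return {vlan_id: [IOS config lines]} for every non-admin VLAN.

    Each user SVI gets an inbound ACL that permits traffic to the admin
    subnet, denies traffic to every other VLAN subnet, and permits the rest
    (default route, DHCP relay). The admin SVI is left unfiltered.
    IOS ACLs are stateless: the permit towards the admin subnet is what lets
    replies reach the administrator, and it also lets users initiate traffic
    to that subnet.
    """
    nets = {v: ipaddress.ip_network(s) for v, s in vlan_subnets.items()}
    admin = nets[admin_vlan]
    configs = {}
    for vlan in sorted(nets):
        if vlan == admin_vlan:
            continue
        name = f"VLAN{vlan}-IN"  # hypothetical ACL naming scheme
        lines = [
            f"ip access-list extended {name}",
            f" permit ip any {admin.network_address} {admin.hostmask}",
        ]
        for other in sorted(nets):
            if other in (vlan, admin_vlan):
                continue  # never deny the VLAN's own subnet or the admin subnet
            n = nets[other]
            lines.append(f" deny ip any {n.network_address} {n.hostmask}")
        lines += [" permit ip any any",
                  f"interface Vlan{vlan}",
                  f" ip access-group {name} in"]
        configs[vlan] = lines
    return configs


if __name__ == "__main__":
    for vlan, lines in build_svi_acls(SAMPLE_VLANS, admin_vlan=99).items():
        print("\n".join(lines), end="\n!\n")
```

Review the generated lines against the real addressing plan before pasting them into the switch.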
You can configure VRF-Lite.
If you want no intervlan communication between any vlans, just remove the SVI definitions on the vlans and let it run as a layer 2 switch, though I can't imagine any network that doesn't have to be routed for one reason or another. You never have to have devices talk between any of those vlans or they don't have to be routed anywhere else?
In fact the administrator should be able to communicate with any vlans but users not. So inter vlan communication should be enabled on all vlans.
You could always take the default gateways off the clients and just use static routes to allow end clients to talk to authorised devices.
Not an elegant way, but would solve your problem.
Nice solution, thanks
Authorised devices the client should talk to are on the distribution switch and SVIs are created on the distribution switch.
In that case where will the route be applied? Is it on the access switch or distribution switch?
This will not work because connected routes have an AD of 0 but static routes have an AD of 1, and the switch will use connected routes. With connected routes you need to define a default gateway.