VTP is really only intended to distribute VLAN information between switches, not necessarily limit routing between VLANs. Inter-VLAN routing is really controlled via ACLs on the L3 VLAN interfaces, so if you are routing on your core switches, for example, you would block routing between the associated VLANs' subnets.
You can certainly separate switches into different VTP domains but that only limits which VLANs get inserted into the switch's VLAN database - it does not preclude a device connected to that switch from being able to connect to another VLAN provided that the uplink trunk is allowing that VLAN.
Your steps above are fine for minimizing VLANs on certain switches but you'll need ACLs on the VLAN SVIs (switch) or sub-interfaces (router) if you want to limit traffic between VLANs. If you don't want any routing at all, you won't have an SVI or sub-interface for that particular VLAN so that only ports on VLAN 6 will be able to communicate with one another.
After your suggestion, I went on to study VLAN ACCESS CONTROL on the Cisco website. I have learned how to implement it, but I have one question below.
As VLAN ACCESS CONTROL can block different subnets, it at the same time applies to different VLANs if the VLAN is represented by the same subnet. The problem is: on which switches is this VLAN ACCESS CONTROL applied?
For example, as in a typical Cisco Hierarchical Network, all the different VLANs are scattered across different access switches under different distribution switches.
The same requirement: VLANs 1, 2, 3 are inter-routing with each other while VLANs 4, 5 are inter-routing with each other.
After I create the access lists and then create the VLAN access maps for all the requirements, how do I apply the VLAN access maps to the switches?
Are the VLAN access maps to be applied on all the access layer switches, since different PCs in different VLANs will pass through the access layer switches in the first place before the distribution and core switches?
Or can I apply them to one of the VTP servers (for example, one of the core layer switches), so that this VTP server will propagate the VLAN ACCESS MAP to all the switches (in VTP client mode)?
Please help to provide your advice if you or anyone knows the answer.
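The approach from the first reply (ACLs on the routed VLAN interfaces), applied to the requirement restated in the follow-up (VLANs 1, 2, 3 route among themselves, VLANs 4, 5 route among themselves), as an added example that is not part of the original thread. The 10.0.N.0/24 subnet for VLAN N, the gateway addresses and the ACL names are assumptions made for illustration.

```cisco
! Added example. Assumed addressing: VLAN N = 10.0.N.0/24, gateway 10.0.N.1.
! Entered on the switch that holds the SVIs, i.e. the one doing the routing.
!
! Group A (VLANs 1-3): drop anything routed towards the Group B subnets.
ip access-list extended GROUP-A-IN
 remark VLANs 1-3 must not reach VLANs 4-5
 deny   ip any 10.0.4.0 0.0.0.255
 deny   ip any 10.0.5.0 0.0.0.255
 permit ip any any
!
! Group B (VLANs 4-5): drop anything routed towards the Group A subnets.
ip access-list extended GROUP-B-IN
 remark VLANs 4-5 must not reach VLANs 1-3
 deny   ip any 10.0.1.0 0.0.0.255
 deny   ip any 10.0.2.0 0.0.0.255
 deny   ip any 10.0.3.0 0.0.0.255
 permit ip any any
!
! "in" on an SVI filters packets arriving from hosts in that VLAN
! before they are routed to another interface.
interface Vlan1
 ip address 10.0.1.1 255.255.255.0
 ip access-group GROUP-A-IN in
interface Vlan2
 ip address 10.0.2.1 255.255.255.0
 ip access-group GROUP-A-IN in
interface Vlan3
 ip address 10.0.3.1 255.255.255.0
 ip access-group GROUP-A-IN in
interface Vlan4
 ip address 10.0.4.1 255.255.255.0
 ip access-group GROUP-B-IN in
interface Vlan5
 ip address 10.0.5.1 255.255.255.0
 ip access-group GROUP-B-IN in
!
! VLAN 6 gets no SVI at all, so its ports can only reach one another.
!
! Checks after applying:
!   show ip access-lists        (deny counters rise on blocked attempts)
!   show ip interface Vlan1     (confirms the inbound access list is bound)
```

An ACL bound to an SVI only sees traffic that is routed through that interface; hosts inside the same VLAN still reach each other directly at Layer 2.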