I have several remote offices and all offices use the same VLANs 1, 2, 3, 4, 5, 6, etc. I was able to create an access-list which will only allow VLAN 1 in one remote office to communicate with VLAN 1 in the other remote offices. The problem I have is when traffic tries to route to the Internet. Normally I would just add an ANY statement for this. But if I do that then all the traffic will be permitted. The other way would be to individually deny traffic to the VLANs. But this would require a lot of statements and might be difficult to manage. I think there is an easier way to do this. Does anyone have any suggestions? Thanks.
If I understand your question correctly, you need to block your traffic at the closest point possible by adding ACLs to each of your branches. If they are contiguous blocks (VLAN 1, 2, and 3 - IP 192.168.1.0, 2.0, 3.0 respectively), you may want to look into creating an ACL that summarizes the networks that you want to block. Put that at the top of your list, and then permit your local traffic out to everything else.
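The summarized-deny approach from the answer, modelled as an added example (not code from either poster) with first-match ACL evaluation. The office B subnets (192.168.17.0/24 to 192.168.19.0/24) and the helper names are assumptions, and the example keeps the asker's same-VLAN permit ahead of the summary deny because the first matching entry decides.

```python
import ipaddress as ip

ANY = "0.0.0.0/0"
# Constructed addressing: office A follows the answer, office B is assumed.
OFFICE_A = {1: "192.168.1.0/24", 2: "192.168.2.0/24", 3: "192.168.3.0/24"}
OFFICE_B = {1: "192.168.17.0/24", 2: "192.168.18.0/24", 3: "192.168.19.0/24"}

def covering_supernet(nets):
    """Smallest single prefix that contains every network in nets."""
    nets = [ip.ip_network(n) for n in nets]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    prefix = 32 - (lo ^ hi).bit_length()   # bits shared by lowest and highest address
    return ip.ip_network((lo, prefix), strict=False)

def build_acl(vlan):
    """Three entries per VLAN instead of one deny per remote subnet."""
    internal = covering_supernet(list(OFFICE_A.values()) + list(OFFICE_B.values()))
    return [
        ("permit", OFFICE_A[vlan], OFFICE_B[vlan]),  # same VLAN, other office
        ("deny", ANY, str(internal)),                # every other internal subnet
        ("permit", ANY, ANY),                        # what remains is Internet-bound
    ]

def evaluate(acl, src, dst):
    """First matching entry wins; no match falls to the implicit deny."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for action, s, d in acl:
        if src in ip.ip_network(s) and dst in ip.ip_network(d):
            return action
    return "deny"

if __name__ == "__main__":
    acl = build_acl(1)
    for dst in ("192.168.17.20", "192.168.18.20", "192.168.2.20", "203.0.113.5"):
        print(f"192.168.1.10 -> {dst}: {evaluate(acl, '192.168.1.10', dst)}")
```

The computed summary also covers internal address space that is not yet assigned, so subnets added inside it later are denied by default until a specific permit is placed above the deny.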