I need some help with a configuration I've not had to deal with before. I'm building out a new network that will have multiple customers on it with multiple VLANs that will need to be secured from one another. On my current network I don't have to worry about that, so this will be all new to me. I will need to restrict the traffic so that the VLANs will not be able to get to one another but that my management network will only be able to do so.
I have set up a test network with Packet Tracer and put ACLs on the VLANs, but when I do it kills the trunk on my layer 2 switch, and HSRP and OSPF are blocked as well. If I put in the ACL to allow OSPF that works, but the trunk and HSRP are still affected. I've put in a permit for 22.214.171.124 for HSRP but it's still not working.
My question is what do you all use to secure your VLANs from one another? Is it VACLs or something different?
Thanks Louis, I was working out that solution currently. I am doing it a little differently, where I only allow the subnet for that VLAN in while also allowing OSPF and HSRP as well. However, the HSRP portion will change if I do VSS. Thanks for all the information guys!
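An inbound SVI ACL along the lines discussed in this thread, as an added example that is not part of the original posts. The ACL name and all addressing are constructed assumptions: customer A is VLAN 10 on 10.10.10.0/24, every customer VLAN sits inside 10.10.0.0/16, and management is 10.99.0.0/24.

```cisco
! Constructed example: names and subnets are assumptions, not from the thread.
ip access-list extended CUST-A-IN
 remark Control plane first: OSPF is IP protocol 89, not TCP/UDP
 permit ospf 10.10.10.0 0.0.0.255 any
 remark HSRPv1 hellos: UDP 1985 to 224.0.0.2 (HSRPv2 uses 224.0.0.102)
 permit udp 10.10.10.0 0.0.0.255 host 224.0.0.2 eq 1985
 remark Traffic inside the VLAN's own subnet, including its gateway address
 permit ip 10.10.10.0 0.0.0.255 10.10.10.0 0.0.0.255
 remark Return traffic to the management network
 permit ip 10.10.10.0 0.0.0.255 10.99.0.0 0.0.0.255
 remark Block every other customer range
 deny ip any 10.10.0.0 0.0.255.255
 remark Everything else, but only when sourced from this VLAN's subnet
 permit ip 10.10.10.0 0.0.0.255 any
 deny ip any any
!
interface Vlan10
 ip access-group CUST-A-IN in
```

Order matters here: the control-plane and same-subnet permits must sit above the customer-range deny, or the SVI drops its own HSRP and OSPF hellos. Because the ACL is stateless, the management permit also lets customer hosts initiate traffic toward 10.99.0.0/24, so tighten that line to specific ports if that is not wanted.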