I have a scenario where I am going to create many VLANs in a 3810 core switch and spread them out with 2930 access switches. If I want to have full interVLAN routing I would enable routing in the core switch with the "ip routing" command. But if I don't want to have full interVLAN routing but partial interVLAN routing, let's say, I want to have communication only between VLANs 10, 20 and 30, but not between those VLANs and VLANs 40 and 50, how can I achieve this? Do I need to use ACLs?
There are two things:
1. I think there will be some servers connected to the core switch in a different VLAN than the users, and I need communication between the users and these servers.
2. If I do the interVLAN routing in the access switches and I have an access switch with VLANs 10, 20, 30, 40 and 50 and users in all these VLANs, and I only want communication between VLANs 10, 20 and 30 but not between those VLANs and VLANs 40 and 50, how can I achieve this?
ACLs are definitely the way to go to make this happen. They give you some control over which traffic is allowed to be routed throughout your VLANs. However, it might be worth it to look into a small-business firewall solution. This gives you much more control, and allows you to keep your traffic flows manageable as your network grows and becomes more complex over time.
Thanks for the confirmation and your recommendation!
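The ACL approach from the thread, as an added example that is not part of the original posts: a small Python model of first-match ACL evaluation that checks which VLAN pairs stay routed under a candidate rule set before it goes on the switch. The addressing (VLAN n is 10.0.n.0/24), the server VLAN 100 and the ACL names are assumptions; VLANs 40 and 50 are left able to reach each other because the thread does not say otherwise.

```python
import ipaddress

# Constructed addressing (assumption, not from the thread): VLAN n is 10.0.n.0/24;
# VLAN 100 is a hypothetical server VLAN on the core switch.
SUBNETS = {v: ipaddress.ip_network(f"10.0.{v}.0/24") for v in (10, 20, 30, 40, 50, 100)}

# Hypothetical ACL name -> (VLANs where it is applied inbound, extended ACL entries
# written with wildcard masks, as on ArubaOS-Switch).
ACLS = {
    "FROM-10-20-30": ((10, 20, 30), """
        deny ip any 10.0.40.0 0.0.0.255
        deny ip any 10.0.50.0 0.0.0.255
        permit ip any any"""),
    "FROM-40-50": ((40, 50), """
        deny ip any 10.0.10.0 0.0.0.255
        deny ip any 10.0.20.0 0.0.0.255
        deny ip any 10.0.30.0 0.0.0.255
        permit ip any any"""),
}

def parse_addr(tokens):
    # Consume 'any' or '<address> <wildcard mask>' from the front of the token list.
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")  # host mask form

def parse_acl(text):
    rules = []
    for action, _proto, *rest in map(str.split, text.strip().splitlines()):
        rules.append((action, parse_addr(rest), parse_addr(rest)))
    return rules

def routed(src_vlan, dst_vlan):
    # One direction only: host .10 in src_vlan sends to host .10 in dst_vlan.
    src, dst = SUBNETS[src_vlan][10], SUBNETS[dst_vlan][10]
    for vlans, text in ACLS.values():
        if src_vlan in vlans:
            for action, s_net, d_net in parse_acl(text):
                if src in s_net and dst in d_net:
                    return action == "permit"  # first matching entry wins
            return False  # implicit deny at the end of every ACL
    return True  # no ACL on this VLAN: "ip routing" forwards everything

def reachable(a, b):
    # ACLs are stateless: a session needs the request and the reply both permitted.
    return routed(a, b) and routed(b, a)

if __name__ == "__main__":
    for a, b in ((10, 30), (10, 40), (30, 50), (40, 50), (20, 100)):
        print(f"VLAN {a} <-> VLAN {b}: {'routed' if reachable(a, b) else 'blocked'}")
```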