Hi,

We have a setup which is like this: a Cisco 2948G-L3 switch with different VLANs on it. VLAN1 for tier-1, which comprises the web servers; VLAN2 for tier-2, which has the application servers; and VLAN3 for tier-3, which has the database servers.

What I want to do is configure "extended ACLs" on the switch for inter-VLAN communication, e.g. allow access from MachineA on VLAN1 to MachineB on VLAN2 only on port 8000, and so on.

I read the Release Notes of the 2948G-L3 and it has "IP extended ACL" in the Features Not Supported section.

What I want to know is this: is it at least possible to configure plain IP access (allow/deny) from one VLAN to another, e.g. allow IP from VLAN1 to VLAN2, deny IP from VLAN1 to VLAN3, and so on? There is a concept of IRB; will that be used in any way?

If this is possible, I will do enough system hardening of my boxes to ensure that the servers don't listen on any other port and get going. (Maybe this would not be the best way of doing things, but anyway...)

Thanks for any help,
Charles