I have a vlanAA with an interface IP, say 10.1.1.1, which is an uplink to the "outside"
I have more vlans in my logical chassis.
I'm looking for recommendation, suggestion on how to best:
a) protect(deny) 10.1.1.1 from/against the outside, or anybody for that mater, except for maybe allowing a MAC/IP - that would be ACLs, right?
b) protect(deny) traffic from/via vlanAA(or any traffic sourcing from vlanAA) to any other vlans/ports in my logical chassis - does it have to be ACLs?
I'd appreciate very much a rough programmatic sketch on how should you get it done.