I have been asked to create an ACL that provides access to only certain servers and denies access to all else. I'm worried that to get this working I might drain switch resources.
Here is the layout
I have a stacked series of X460s (3) acting as a collapsed CORE. One of the switches is an SFP switch that remote buildings connect to. This same stack also has an ESX cluster connected to it.
This is an educational institution with about 1000 students. Each of the remote buildings is a separate VLAN/network and the servers are in a separate VLAN as well. The request is to provide students access to only certain servers, the internet and nothing else. Communication between VLANs is also to be avoided.
With these criteria, what is the best way to deploy an ACL without draining switch resources?
I could deploy an ACL per VLAN/building, which in effect means applying different ACLs to the specific port the remote building is connected to. This comes closest to meeting the criteria but also seems the most expensive in terms of resources.
Thanks for your time,
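As an added illustration of the restriction described in the question (not from the original poster or from Extreme), here is what such a policy could look like in EXOS policy-file syntax, applied at VLAN ingress rather than per port. All addresses, VLAN names and counter names are constructed placeholders; the one building-specific entry is marked.

```text
# student_acl.pol  (constructed example; addresses and VLAN names are placeholders)
# Applied at ingress of each student VLAN, e.g.:
#   configure access-list student_acl vlan "Building_A" ingress
# Entries are matched top-down, first match wins. Keeping the permitted
# servers in one summarized block keeps the entry count (and TCAM use) small
# no matter how many buildings share the policy.

entry permit_local_subnet {
    if match all {
        destination-address 10.101.0.0/24;   # placeholder: this building's own subnet
    } then {                                 # (only line that differs per building;
        permit;                              #  omit it to use one shared policy and
    }                                        #  also block intra-VLAN traffic)
}

entry permit_dns {
    if match all {
        destination-address 10.20.0.10/32;   # placeholder: campus DNS server
        protocol udp;
        destination-port 53;
    } then {
        permit;
        count dns_hits;
    }
}

entry permit_student_servers {
    if match all {
        destination-address 10.20.0.0/26;    # placeholder: block holding the allowed servers
    } then {
        permit;
        count server_hits;
    }
}

entry deny_rest_of_internal {
    if match all {
        destination-address 10.0.0.0/8;      # placeholder: all campus address space,
    } then {                                 # covers the other server VLANs and buildings
        deny;
        count internal_blocked;
    }
}

# Anything not matched above (internet-bound traffic) falls through to the
# implicit permit at the end of the policy.
```

Checking the counters with `show access-list counter` after rollout confirms the denies are hitting inter-VLAN traffic only and not something the buildings depend on.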