Create Date: Jun 20 2012 5:48AM
On a Black Diamond (aka Aspen) 8810 (with EXOS 12.1), I have a VLAN (let's call it "isolated") that I would like isolated from all other VLANs except for a few specific hosts. Only for those hosts belonging to other VLANs should the traffic be routed.
My first idea is to enable ipforwarding for this VLAN "isolated" (ipforwarding is already enabled for all other VLANs) and configure ACLs on this VLAN that permit packets to and from the few specific authorized hosts, and a default ACL that matches everything else and denies all packets.
But this won't work since on this model ACLs are only possible for ingress traffic, so it will drop all traffic from any VLAN to VLAN "isolated", but it won't drop traffic from VLAN "isolated" to other VLANs. I don't like it from the security point of view.
Is there a way to do that? I'm far from being a network expert, but isn't it a very common need?
Thanks in advance
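As an added illustration (not part of the original post, and not Extreme's own documentation), here is what the sketched approach looks like as an EXOS policy file: permit entries for the authorized hosts, a permit for the VLAN's own subnet so switched local traffic keeps working, and a final catch-all deny with a counter, applied to ingress on the isolated VLAN. Host and subnet addresses are constructed placeholders, and the exact policy syntax and the direction a VLAN-applied ACL filters should be checked against the EXOS 12.1 concepts guide for the 8800 series.

```text
# /config/isolated-acl.pol  (constructed example; all addresses are placeholders)
# Entries are evaluated top to bottom; the first matching entry wins.

# Traffic staying inside the isolated VLAN (10.10.10.0/24) is switched, not
# routed, but still ingresses on this VLAN, so it needs an explicit permit.
entry permit-local {
    if match all {
        destination-address 10.10.10.0/24 ;
    } then {
        permit ;
    }
}

# Authorized host A, any protocol
entry permit-host-a {
    if match all {
        destination-address 192.0.2.10/32 ;
    } then {
        permit ;
    }
}

# Authorized host B, SSH only
entry permit-host-b-ssh {
    if match all {
        destination-address 192.0.2.20/32 ;
        protocol tcp ;
        destination-port 22 ;
    } then {
        permit ;
    }
}

# Catch-all: everything not permitted above is dropped and counted,
# so unexpected hits show up in the counter instead of silently vanishing.
entry deny-rest {
    if {
    } then {
        deny ;
        count isolated_denied ;
    }
}

# Apply on the switch (CLI), then watch the deny counter:
#   configure access-list isolated-acl vlan isolated ingress
#   show access-list counter isolated_denied vlan isolated ingress
```

Because the policy is ingress-only on VLAN "isolated", a second policy matching destination-address 10.10.10.0/24 would have to be applied on the other VLANs (or with the any wildcard) to filter the opposite direction.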