Hi All,
I'm new to the Extreme Switch environment and I'm looking for some guidance on applying ACLs to a large deployment of networks.
I'm working on a project that is expanding a flat network into 48 VLANs across 6 locations (8 VLANs per location).
The locations house an Extreme switch that routes to a Cisco router and then to the internet. The VLAN default gateways are in the Extreme switch config.
All VLANs are currently routable to all locations via the Cisco routers which are managed by a third party.
My question is, what is the most practical way to set up ACLs to stop certain VLANs from communicating with others?
For example:
Location A has VLANs 510 (192.168.10.1 /22) and 560 (192.168.60.1 /22)
Location B has VLANs 610 (192.168.110.1 /24) and 660 (192.168.160.1 /24)
Goal: VLAN 510 needs DNS and DHCP from one server on VLAN 560 (192.168.60.50), but all other traffic to VLAN 560, 610, and 660 should be blocked.
Will I need ACLs at both the Extreme switch level and the Cisco routers? Or can an ACL on the Extreme switch get the job done? Can I block 192.168.0.0/16 once the DNS and DHCP allows are added?
Hope this makes sense, I'm also new to ACLs and I'm trying to wrap my mind around this. I'm happy to explain more if needed.
Thanks for any help you can provide.
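
An added example, not part of the original post and not switch configuration: a small first-match ACL model in Python that tests the rule order asked about (DNS and DHCP permits to 192.168.60.50, then a deny for 192.168.0.0/16) against constructed packets from VLAN 510. It assumes first-match evaluation, that unmatched packets are forwarded, and matching on destination only; the rule names and sample hosts are hypothetical.

```python
import ipaddress

# Constructed rule list for traffic entering from VLAN 510, built from the
# addresses in the post. Rule names are hypothetical. First match wins.
# Fields: (name, protocol, destination network, destination port, action)
RULES = [
    ("dns-udp", "udp", "192.168.60.50/32", 53, "permit"),
    ("dns-tcp", "tcp", "192.168.60.50/32", 53, "permit"),
    ("dhcp-server", "udp", "192.168.60.50/32", 67, "permit"),
    ("block-internal", "any", "192.168.0.0/16", None, "deny"),
]
DEFAULT = ("permit", "no-match")  # assumption: unmatched packets are forwarded


def evaluate(proto, dst_ip, dst_port=None, rules=RULES):
    """Return (action, rule name) for the first rule matching the packet."""
    dst = ipaddress.ip_address(dst_ip)
    for name, r_proto, r_net, r_port, action in rules:
        if r_proto not in ("any", proto):
            continue
        if dst not in ipaddress.ip_network(r_net):
            continue
        if r_port is not None and r_port != dst_port:
            continue
        return action, name
    return DEFAULT


# Constructed sample packets sourced from a VLAN 510 host.
FLOWS = [
    ("udp", "192.168.60.50", 53),     # DNS to the server on VLAN 560
    ("udp", "192.168.60.50", 67),     # DHCP sent as unicast to the server
    ("udp", "255.255.255.255", 67),   # DHCP discover broadcast
    ("tcp", "192.168.60.50", 445),    # other traffic to the same server
    ("tcp", "192.168.110.20", 443),   # host on VLAN 610
    ("tcp", "192.168.160.20", 443),   # host on VLAN 660
    ("icmp", "192.168.10.1", None),   # VLAN 510's own gateway, inside the /16
    ("tcp", "203.0.113.10", 443),     # internet destination (documentation range)
]

if __name__ == "__main__":
    for proto, ip, port in FLOWS:
        print(f"{proto:4} {ip:16} {str(port):5} ->", *evaluate(proto, ip, port))
    # Putting the broad deny first shadows the specific permits.
    print("deny first:", evaluate("udp", "192.168.60.50", 53, RULES[::-1]))
```

In this model the /16 deny also catches 192.168.10.1, VLAN 510's own gateway address, and the DHCP broadcast to 255.255.255.255 is not matched by any of the rules.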