Help with intervlan routing ACL

John_Barfield
New Contributor
Greetings! This is my first post here. My name is John and I'm trying to configure a scalable solution for our monitoring system to keep track of individual circuit health.

I've configured one Extreme Networks X440-48t switch stack as a router connecting to switches at different buildings over metro ethernet circuits.

Each building switch can see the routing switch on a /30 like so:

Routing Switch Stack X440-48t: Building Switches X440-8p's:
VLAN 311: 192.168.252.1/30 -> 192.168.252.2
VLAN 512: 192.168.252.5/30 -> 192.168.252.6
VLAN 242: 192.168.252.9/30 -> 192.168.252.10
Default VLAN: 192.168.2.236/24
|
Core switching stack
|
Internal Core Router
|
192.168.2.254

I want IP traffic coming from the 192.168.2.0 network to have access to all VLANs with those /30 addresses, but I do not want each of the switches to be able to communicate with each other.

For example:

192.168.252.2/30 should not be able to communicate with 192.168.252.6/30 or 192.168.252.10/30.

What would be the most efficient and manageable way to achieve this goal using EXOS ACLs, while also planning for the fact that there could be endless VLAN interfaces configured this way in the future?

Thanks in advance for any assistance.

John

Paul_Russo
Extreme Employee
Hey John

I am assuming you want the switches with the /30 to send route updates, correct?

The ACLs in the 440 work from top to bottom, so you would need to permit the traffic between the /30s first, then deny source 192.168.252.0/24 destined to 192.168.252.0/24. You will need another ACL to deny ICMP for those subnets as well.

After the deny, any other traffic should flow as normal.

Does that make sense? Do you need the actual layout of the ACL, or did you get that from the concepts guide?

If I am misunderstanding, please let me know.

P
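The ordering point in the reply above (permit each /30 to itself first, then deny /24 to /24, let everything else through) is easy to get backwards, and the mistake is silent until the building switches lose their gateway. The following is an added illustration, not code from the thread or from Extreme Networks: a small Python model of first-match ACL evaluation that builds the policy from a list of transit /30s (so adding a future VLAN is one more list entry), checks the isolation property for every building-side host, and shows what happens when the deny is placed on top. The EXOS policy-file syntax mentioned in the comments is paraphrased from memory as an assumption; the addresses are the ones from the original post, and the "no match means forward" default is assumed to match the reply's "any other traffic should flow as normal".

```python
"""
First-match (top-to-bottom) ACL model for the transit-/30 isolation design
discussed in the thread.  Added example, not code from the thread or from
Extreme Networks; the EXOS snippets in comments are unverified paraphrases.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Tuple

# Transit /30s from the original post.  A future VLAN is one more line here.
TRANSIT_NETS = [
    ip_network("192.168.252.0/30"),   # VLAN 311: .1 (router) <-> .2 (building)
    ip_network("192.168.252.4/30"),   # VLAN 512: .5 <-> .6
    ip_network("192.168.252.8/30"),   # VLAN 242: .9 <-> .10
]
# Supernet that covers every present and future transit /30.
TRANSIT_BLOCK = ip_network("192.168.252.0/24")


@dataclass(frozen=True)
class Entry:
    """One ACL entry, roughly an (assumed) EXOS block of the form
    entry <name> { if { source-address X; destination-address Y; }
                   then { permit | deny; } }"""
    name: str
    src: IPv4Network
    dst: IPv4Network
    action: str  # "permit" or "deny"

    def matches(self, src: IPv4Address, dst: IPv4Address) -> bool:
        return src in self.src and dst in self.dst


def build_policy(transit_nets: List[IPv4Network],
                 transit_block: IPv4Network) -> List[Entry]:
    """The ordering from the reply: one permit per /30 (switch <-> its own
    gateway, routing updates included), THEN a single deny for /24 -> /24.
    Flows such as 192.168.2.0/24 <-> any /30 match no entry at all."""
    policy = [Entry(f"permit_within_{net}", net, net, "permit")
              for net in transit_nets]
    policy.append(Entry("deny_transit_to_transit",
                        transit_block, transit_block, "deny"))
    return policy


def first_match(policy: List[Entry], src: str, dst: str) -> Tuple[str, str]:
    """Evaluate a flow top to bottom; the first matching entry decides.
    Assumption: a packet matching no entry is forwarded (no implicit deny)."""
    s, d = ip_address(src), ip_address(dst)
    for entry in policy:
        if entry.matches(s, d):
            return entry.action, entry.name
    return "permit", "no-match"


def isolation_violations(policy: List[Entry],
                         transit_nets: List[IPv4Network]) -> List[Tuple[str, str]]:
    """Each building-side host (.2, .6, .10, ...) must reach its own gateway
    and must be denied to both hosts of every other /30.  Returns the flows
    that break either rule; an empty list means the policy is correct."""
    bad = []
    for net in transit_nets:
        gateway, building = list(net.hosts())   # a /30 has exactly two hosts
        if first_match(policy, str(building), str(gateway))[0] != "permit":
            bad.append((str(building), str(gateway)))
        for other in transit_nets:
            if other == net:
                continue
            for host in other.hosts():
                if first_match(policy, str(building), str(host))[0] != "deny":
                    bad.append((str(building), str(host)))
    return bad


POLICY = build_policy(TRANSIT_NETS, TRANSIT_BLOCK)
# Same entries with the deny moved to the top: the ordering mistake.
MISORDERED = [POLICY[-1]] + POLICY[:-1]

if __name__ == "__main__":
    for flow in [("192.168.252.2", "192.168.252.1"),    # switch -> own gateway
                 ("192.168.252.2", "192.168.252.6"),    # switch -> other switch
                 ("192.168.2.50", "192.168.252.6"),     # monitoring -> switch
                 ("192.168.252.6", "192.168.2.50")]:    # switch -> monitoring
        print(flow, "->", first_match(POLICY, *flow))
    print("correct policy violations: ", isolation_violations(POLICY, TRANSIT_NETS))
    print("misordered policy violations:", isolation_violations(MISORDERED, TRANSIT_NETS))
```

With the deny on top, the /24-to-/24 entry matches a building switch talking to its own gateway before the narrower permit is ever consulted, so all three adjacencies are reported as violations; with the permits first the check comes back clean, and traffic to or from 192.168.2.0/24 is untouched because it matches no entry.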