[c-nsp] VLANs ACLs in a 3750 switch stack
JA Colmenares
sforcejr at yahoo.com
Wed Jan 16 07:43:42 EST 2013
Hi all,
We have this case :
A CISCO 3750-X stack with several VLANs and many ACLs applied to the virtual interfaces. Intervlan routing is on. Connected to this stack are VMware hosts and with about 500 VMs.
We started using the ACLs to allow connectivity between VLANs to specific hosts and it has grown to thousands of lines. I personally do not think this is good for the switch and believe the switch was not intended to be used for that security feature.
The simplified environment looks like this:
INTERNET ROUTER =====EXTERNAL FIREWALL ======CORE ROUTER=====3750-X SWITCH STACK
QUESTIONS:
- Does it make it sense to add an "internal firewall" between the CORE ROUTER AND THE 3750-X SWITCH STACK ?
- Do you recommend any other way?
- Any recommended CISCO resource/white paper to read about best practice?
Thanks
Juan
More information about the cisco-nsp
mailing list