[c-nsp] Restricted specific VLAN contacting other VLANs in catalyst 3750 switch

trgapp16 trgapp16 at cdot.in
Mon Sep 26 22:23:54 EDT 2022


Hello,

We use a Cisco Catalyst 3750 switch as a small data center (DC)/Core Switch on which nearly 
200 VLANs sit, having internet connectivity through an ADSL modem/router.

SVI/RVIs are defined for all these 200 VLANs on the same DC/Core Switch.

We have the following requirement:

VLAN 1 - 190: should communicate among themselves and to internet

VLAN 191: having network address 192.168.1.0/28 should not communicate with any other 
VLAN except internet

To meet this requirement we used the following VACL configuration

SW(config)#access-list 100 permit ip 192.168.1.0 0.0.0.15 any
! Sequence 10: drop anything sourced from the VLAN 191 subnet
SW(config)#vlan access-map XYZ 10
SW(config-access-map)#match ip address 100
SW(config-access-map)#action drop
! Sequence 20: no match clause, so it matches everything else; default action is forward
SW(config-access-map)#vlan access-map XYZ 20
SW(config-access-map)#exit
SW(config)#vlan filter XYZ vlan-list 1-190

By doing this VLAN 1-190 are not able to contact VLAN 191, but can reach the internet and 
each other (VLAN 1-190).

Hosts in VLAN 191 are not able to contact the hosts in VLANs 1-190 (this is 
also fine), but hosts in VLAN 191 are contacting the SVIs/gateways of VLANs 1-190.

Is there anything wrong in my VACL configuration or the sequence of ACLs?

Any help is greatly appreciated.

Thanks in advance

Mounika M
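A VLAN map filtered on VLANs 1-190 is consulted for packets entering those VLANs, whereas a packet from VLAN 191 addressed to one of the switch's own SVI addresses is handed to the switch itself and never enters the destination VLAN, so it passes unfiltered. As an added example (not part of the original post), a router ACL applied inbound on the VLAN 191 SVI sees that traffic and can drop it while leaving internet access intact. It assumes, as placeholders, that 192.168.1.1 is the VLAN 191 gateway address and that every other VLAN (hosts and SVIs) lives in RFC 1918 space.

```cisco
! Router ACL, applied inbound on the VLAN 191 SVI, so it sees every packet the
! 192.168.1.0/28 hosts send to the switch for routing, including packets
! addressed to the switch's own SVI addresses.
ip access-list extended VLAN191-IN
 remark ASSUMPTION: 192.168.1.1 is the VLAN 191 gateway (SVI) address
 permit ip 192.168.1.0 0.0.0.15 host 192.168.1.1
 remark ASSUMPTION: all other VLANs (hosts and SVIs) use RFC 1918 addresses
 deny   ip 192.168.1.0 0.0.0.15 10.0.0.0 0.255.255.255
 deny   ip 192.168.1.0 0.0.0.15 172.16.0.0 0.15.255.255
 deny   ip 192.168.1.0 0.0.0.15 192.168.0.0 0.0.255.255
 remark Everything else (internet destinations) is still routed
 permit ip 192.168.1.0 0.0.0.15 any
!
interface Vlan191
 ip access-group VLAN191-IN in
```

If the VLAN 191 hosts rely on an internal DNS server or proxy, add a permit for that host above the deny lines. Verify with `show ip access-lists VLAN191-IN` (the deny counters should increase) after pinging another VLAN's SVI from a VLAN 191 host.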
