Hi all,

We have this case: a CISCO 3750-X stack with several VLANs and many ACLs applied to the virtual interfaces. Inter-VLAN routing is on. Connected to this stack are VMware hosts with about 500 VMs. We started using the ACLs to allow connectivity between VLANs to specific hosts, and it has grown to thousands of lines. I personally do not think this is good for the switch and believe the switch was not intended to be used for that security feature.

The simplified environment looks like this:

INTERNET ROUTER ===== EXTERNAL FIREWALL ===== CORE ROUTER ===== 3750-X SWITCH STACK

QUESTIONS:
- Does it make sense to add an "internal firewall" between the CORE ROUTER and the 3750-X SWITCH STACK?
- Do you recommend any other way?
- Any recommended CISCO resource/white paper to read about best practice?

Thanks
Juan
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
