Hi Group
My customer wants to limit connectivity between certain subnets. The example: 3 subnets, A, B and C located on separate VLANs associated with the same VRF.
B contains shared services (including build server)
A and C are client VLANs and must have free connectivity to B
A and C should not be able to communicate directly.
It occurs to me the simplest thing would be to apply an extended inbound ACL:
- on VLAN A, permitting traffic from A to B
- on VLAN C, permitting traffic from C to B

In certain cases the ACLs might need to be slightly more complicated (VLAN D may need to communicate with B and C and not A) but we're not talking about filtering at the application level (yet).
I can't find anything explicit on CCO, to say one way or the other, and my CCNP switching didn't cover CEF.
Do ACLs of this type have an impact on the type of switching (i.e. dropping from CEF to process switching)?
Thanks in advance
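
The ACL plan in the post above can be checked before deployment with a small model. This is an added example, not part of the original post: the subnets, host addresses and the names `ACLS` and `FIXED` are constructed, and it assumes stateless extended ACLs applied inbound only on the client SVIs, with no ACL on VLAN B. It shows that once VLAN D is allowed to reach C, VLAN C's own inbound ACL also needs a line for the return traffic.

```python
import ipaddress

# Constructed addressing (assumption; the post gives no subnets).
HOSTS = {"A": "10.0.1.10", "B": "10.0.2.10", "C": "10.0.3.10", "D": "10.0.4.10"}

# Inbound ACL per client VLAN in IOS extended-ACL syntax. VLAN B has none.
ACLS = {
    "A": ["permit ip 10.0.1.0 0.0.0.255 10.0.2.0 0.0.0.255"],
    "C": ["permit ip 10.0.3.0 0.0.0.255 10.0.2.0 0.0.0.255"],
    "D": ["permit ip 10.0.4.0 0.0.0.255 10.0.2.0 0.0.0.255",
          "permit ip 10.0.4.0 0.0.0.255 10.0.3.0 0.0.0.255"],
}
# Same plan, with VLAN C also permitting its replies towards D.
FIXED = dict(ACLS, C=ACLS["C"] + ["permit ip 10.0.3.0 0.0.0.255 10.0.4.0 0.0.0.255"])

def _match(addr, base, wildcard):
    """True when addr equals base on every bit the wildcard mask does not ignore."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def permitted(acl, src, dst):
    """First-match evaluation of 'permit|deny ip' lines, ending in the implicit deny."""
    for line in acl:
        action, proto, s, sw, d, dw = line.split()
        if proto == "ip" and _match(src, s, sw) and _match(dst, d, dw):
            return action == "permit"
    return False

def one_way(acls, src_vlan, dst_vlan):
    """A packet is filtered only by the inbound ACL of the VLAN it enters from."""
    if src_vlan not in acls:
        return True  # no ACL applied on that SVI
    return permitted(acls[src_vlan], HOSTS[src_vlan], HOSTS[dst_vlan])

def two_way(acls, x, y):
    """A session works only if packets pass in both directions."""
    return one_way(acls, x, y) and one_way(acls, y, x)

def matrix(acls):
    """Two-way reachability for every unordered pair of VLANs."""
    names = sorted(HOSTS)
    return {(x, y): two_way(acls, x, y) for x in names for y in names if x < y}

if __name__ == "__main__":
    for pair, ok in matrix(FIXED).items():
        print(pair, "ok" if ok else "blocked")
```
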