TL/DR am I heading in the right direction here:
assuming vlan 10 is 192.168.10.x, vlan 20 is 192.168.20.x, etc.
(host) (config) #ip access-list stateless VLAN10
(host) (config-stateless-VLAN10) #network 192.168.10.0 255.255.255.0 any any permit
Then to apply I guess would be an RVI egress ACL so
(host) (config) #interface vlan 10
(host) (vlan 10) #ip access-group in VLAN10
I'm not finding much via searching so I'm assuming the info is so basic 'everyone' already knows... or it's EOL and everyone already brain dumped the old OS
Goal - block intervlan routing. Default behavior when an IP is assigned to a VLAN is to allow all intervlan - I really don't need that right now, I'm just trying to have router on stick so the switch can do switchy things. Obviously this will require ACL for each VLAN but as this is my first L3 router, I'm not sure which type of ACL to use - options are:
- Ethertype - I have no idea on this one
- MAC - not likely for what I need
- Standard - no idea if it runs on CPU or ASIC
- Extended - hopefully not the one I need but is most granular
- Stateless
From reddit/other places it seems Extended ACL are processed on CPU not ASIC so performance takes a big hit, Stateless seems to avoid this but I have no idea about the others.
Thanks.