VLAN/ACL setup
Hi,
I've set up a 'guest' VLAN (VLAN200) that has no access to VLAN1 but can access internet resources.
VLAN1 can access VLAN200 but not the other way around.
A webserver in VLAN1 is portmapped from internet. Actually there are more web servers but all are reverse proxied from internet.
VLAN1 uses split DNS so local clients access the webserver internally (not proxied).
VLAN200 clients use public DNS.
Unfortunately VLAN200 clients (B) cannot access the webservers in VLAN1 like external/internet clients can.
What rule/ACL do I need to define to make this possible?
Current rules are:
Gateway ACL: Deny LAN->LAN VLAN200 -> LAN
Switch ACL: Deny VLAN200 -> IPGroup (TCP/UDP switch and router IP)