Counter to my request;

As per the design, all VLANs are open all. I understand for a beginner user this is a great idea as they won't need to get knee-deep into ACLs.

My request;

Allow more advanced users or corporate users to switch from default-all allow to default-all reject, preferably at the site level?

If not are we able to get one at a VLAN level?

My reasoning;

With a limit of 32 ACLs I can create and my want to default reject all. I am using a significant amount of ACLs on just reject between my subnets. Further, this can make the ACLs messier and more complicated.

Within the community there is a lot of confusion over ACLs, even if we can have an isolation switch on the VLAN level it would reduce the amount of ACLs people are having to create. This will allow people to better and more clearly understand ACLs.

This also allows for better security overall.

Thank you :)