ACL Segmentation Policy on Multi-LAN Router
Deploy and verify multiple IPv4 ACLs on a single router that terminates three distinct LANs (Client, Server, and Management). You will place an extended ACL inbound on the Client interface to allow only specific services to the Server and block access to Management, a standard ACL outbound on the Management interface to enforce destination-side protection by source, and a VTY access-class to restrict router SSH to the Management subnet only. Validate with end-host tests that permitted flows succeed while denied flows are provably blocked, and use ACL hit counts and logs to troubleshoot.