CCDE: Cisco Certified Design Expert (Practical) — Question 211
A customer has a functional requirement that states HR systems within a data center should be segmented from other systems that reside in the same data center and same VLAN. The systems run legacy applications that use hard-coded IP addresses. Which segmentation method is suitable and scalable for the customer?
Answer options
- A. data center perimeter firewalling
- B. routed firewalls
- C. VACLs on data center switches
- D. transparent firewalling
Correct answer: C
Explanation
VACLs (VLAN Access Control Lists) on data center switches are ideal for segmenting traffic within the same VLAN, making them suitable for the customer's requirement to isolate HR systems without altering IP addressing. The other options, such as perimeter firewalling and routed firewalls, are not designed for intra-VLAN segmentation, and transparent firewalling does not provide the necessary control for legacy systems with hard-coded IPs.