inter-vlan routing question

Unanswered Question
Mar 16th, 2007

How do I choose/filter which VLANs can route to other VLANs? I have a 3750 with four subnets/VLANs attached (two access, two management). I want to prevent mgmt VLAN traffic from being routed into the access VLANs and vice versa. I do obviously want to keep mgmt-to-mgmt and access-to-access VLAN routing. Do I use private VLANs for this?



acomiskey Fri, 03/16/2007 - 12:47

One solution would be to write an ACL. If VLAN 100 were an access VLAN:

access-list 100 deny ip any
access-list 100 deny ip any
access-list 100 permit ip any any
int vlan 100
 ip access-group 100 in

sundar.palaniappan Fri, 03/16/2007 - 13:24

You can use VACLs to block data traveling between VLANs. If you aren't already familiar with VACLs, use this configuration example.

int vlan 1
 description Management VLAN
 ip address
int vlan 2
 description user VLAN
! sequence 10 drops whatever the Management ACL matches
vlan access-map TEST 10
 match ip address Management
 action drop
! sequence 20 forwards everything else
vlan access-map TEST 20
 action forward
! apply the access map TEST to VLAN 2
vlan filter TEST vlan-list 2
ip access-list extended Management
 permit ip any

In this example, the switch would drop all traffic originating from VLAN 2 destined to VLAN 1 (the management VLAN).
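Both replies only filter traffic if the names line up: `ip access-group` and `match ip address` must point at an ACL that is defined, and `vlan filter` must name a defined `vlan access-map`. The following is an added example, not part of the thread: a small Python audit that flags such references when they do not resolve. The sample configuration, its addresses and the function name `audit_references` are constructed for illustration.

```python
import re

# Constructed sample config (addresses and names are illustrative only).
SAMPLE = """\
interface Vlan100
 ip access-group 100 in
access-list 100 deny ip any 10.0.1.0 0.0.0.255
access-list 100 permit ip any any
vlan access-map TEST 10
 match ip address Management
 action drop
vlan access-map TEST 20
 action forward
vlan filter MANAGEMENT vlan-list 2
ip access-list extended Management
 permit ip 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255
"""

def audit_references(config):
    """Return findings for ACL / access-map names that are used but never defined."""
    acls, maps = set(), set()
    uses = []  # (kind, name, config line that uses it)
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"access-list (\d+) ", line):            # numbered ACL
            acls.add(m.group(1))
        elif m := re.match(r"ip access-list (?:standard|extended) (\S+)", line):
            acls.add(m.group(1))                                  # named ACL
        elif m := re.match(r"vlan access-map (\S+)", line):
            maps.add(m.group(1))
        elif m := re.match(r"match ip address (.+)", line):       # VACL match clause
            uses += [("acl", name, line) for name in m.group(1).split()]
        elif m := re.match(r"ip access-group (\S+) (?:in|out)", line):
            uses.append(("acl", m.group(1), line))                # ACL on an SVI
        elif m := re.match(r"vlan filter (\S+) vlan-list", line):
            uses.append(("map", m.group(1), line))                # VACL applied to VLANs
    # Names are compared case-sensitively, after the whole config has been read,
    # so a definition that appears after its use still counts.
    return [f"undefined {kind} '{name}' in: {line}"
            for kind, name, line in uses
            if name not in (acls if kind == "acl" else maps)]

if __name__ == "__main__":
    for finding in audit_references(SAMPLE):
        print(finding)
```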



