03-16-2007 12:28 PM - edited 03-05-2019 02:57 PM
How do I choose/filter which VLANs can route to other VLANs? I have a 3750 with four subnets/VLANs attached (two access, two management). I want to prevent mgmt VLAN traffic from being routed into the access VLANs and vice versa. I do obviously want to keep mgmt-to-mgmt and access-to-access VLAN routing. Do I use private VLANs for this?
Thanks,
Matt
03-16-2007 12:47 PM
One solution would be to write an ACL. If VLAN 100 were an access VLAN:
access-list 100 deny ip any
access-list 100 deny ip any
access-list 100 permit ip any any
int vlan 100
 ip access-group 100 in
03-16-2007 01:24 PM
You can use VACLs to block data traveling between VLANs. If you aren't already familiar with VACLs, use this configuration example:
int vlan 1
 description Management VLAN
 ip address 192.168.1.1 255.255.255.0
int vlan 2
 description user VLAN
vlan access-map TEST 10
 match ip address Management
 action drop
vlan access-map TEST 20
 action forward
! the filter must name the access-map defined above (TEST)
vlan filter TEST vlan-list 2
ip access-list extended Management
 permit ip any 192.168.1.0 0.0.0.255
In this example, the switch would drop all traffic originated from VLAN2 destined to VLAN1 (management VLAN).
HTH
Sundar
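The first-match evaluation of the VACL in the answer above, modelled in Python as an added example that is not part of the original post. The 192.168.2.0/24 user subnet and the sample packets are constructed assumptions; the map entries and the Management ACL are the ones from the post.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w & 0xFFFFFFFF) == (b & ~w & 0xFFFFFFFF)

ANY = ("0.0.0.0", "255.255.255.255")

# ip access-list extended Management
#  permit ip any 192.168.1.0 0.0.0.255
ACLS = {"Management": [("permit", ANY, ("192.168.1.0", "0.0.0.255"))]}

# vlan access-map TEST 10 / TEST 20: (sequence, matched ACL or None, action)
ACCESS_MAP = [(10, "Management", "drop"), (20, None, "forward")]

def acl_permits(acl_name, src, dst):
    """First matching ACE wins; the implicit deny at the end means 'no match'."""
    for verdict, (s, sw), (d, dw) in ACLS[acl_name]:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return verdict == "permit"
    return False

def vacl_action(src, dst, access_map=ACCESS_MAP):
    """Walk map entries in sequence order; the first entry that matches decides.

    In a VACL an ACL 'permit' only selects the packet; the map entry's
    action (drop/forward) is what happens to it.
    """
    for seq, acl_name, action in sorted(access_map, key=lambda e: e[0]):
        if acl_name is None or acl_permits(acl_name, src, dst):
            return seq, action
    # An IP packet that matches no entry of a map containing IP match
    # clauses is dropped by default on the Catalyst 3750.
    return None, "drop"

# Constructed sample packets seen in VLAN 2 (assumed user subnet 192.168.2.0/24)
SAMPLES = [
    ("192.168.2.10", "192.168.1.1"),   # user -> management SVI
    ("192.168.2.10", "192.168.2.20"),  # user -> user, same VLAN
    ("192.168.2.10", "10.0.0.5"),      # user -> elsewhere
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(src, "->", dst, vacl_action(src, dst))
```

Passing a map without entry 20 to `vacl_action` shows why the catch-all `action forward` entry matters: without it, all other IP traffic in VLAN 2 hits the default drop.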