Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
546
Views
0
Helpful
5
Replies

Control VLAN routing on a multi layer switch

d-g-c
Level 1
Level 1

‎05-03-2007 02:42 AM - edited ‎03-05-2019 03:50 PM

In a scenario where I have a layer three switch configured with 50 VLANS and want to enable layer 3 switching/routing between only 5 VLANS. When I enable ip routing on the switch I enable routing between all VLANS, I don't want to administer multiple ACLS to restrict access, is there another way to stop traffic routing between specific VLANS?

Labels:
0 Helpful
5 Replies 5

Anand Narayana
Level 6
Level 6

‎05-03-2007 02:52 AM

NO, ACL is the only way to block the different for specific vlan. if you want complete traffic to be blocked with all vlan's, don't enable ip routing, for specific vlan, you need to hav ACL.

hope this helps.

rate this post if satisfied.

0 Helpful

bjornarsb
Level 4
Level 4

‎05-03-2007 03:11 AM

Hi,

How about enabling Multiprotocol Label Switching on your layer 3 switch

Then you can get separate routing instance

for groups of your vlans by putting them in separate vrfs.

For more detailed information about configuring Multiprotocol Label Switching

have a look at this link:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7fb.html#wp1041341

Regards

Bjornarsb

0 Helpful

glen.grant
VIP Alumni
VIP Alumni

‎05-03-2007 03:32 AM

I think you need to be more specific , do you have 50 layer 2 vlans or 50 layer 3 vlans currently . If they are layer 2 vlans then only create the layer 3 SVI's for the 5 you want to route between . If you already have 50 layer 3 SVI's defined then ACL's are your only option.

0 Helpful

paulo.s
Level 1
Level 1

‎05-03-2007 07:48 AM

Hi. If you create interface just only this 5 vlans, and don't create for the others 45 vlans, I think your problem it's solved.

Hope I help you.

Paulo Maur?cio

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame

‎05-03-2007 11:20 AM

Hi Peter

As other have said it's all down to whether or not you have created a Layer 3 interface on the switch.

If you create 50 vlans on the switch so that when you do a "show vlan" you see all 50 then these are layer 2 vlans only. You can enable ip routing and still there will be no routing between these vlans because they are only layer 2.

To route between vlans you need to create layer 3 interfaces for your vlans. eg.

You have a layer 2 vlan - vlan 20. To create a layer 3 interface (SV1) for it you would use the following commands

interface vlan 20

ip address x.x.x.x "subnet mask"

no shut

A "show ip interface brief" on the switch will show you which vlan interfaces you have created.

Only those vlans with L3 interfaces will be able to talk to each other. No layer 3 interface and clients within that vlan can only talk to clients within the same vlan.

Hope this makes sense

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card