Security between VLANS

Jun 26th, 2007

Guys, I just need very simple security... I set up a router which has a 4-port switch, and port 1 is VLAN 2 and port 2 is VLAN 3.


I have 2 different networks running on each VLAN and all works great. However, hosts on both VLANs can ping and see each other. I need each VLAN to be totally independent and private from the other.


So I need to block hosts from one VLAN from seeing hosts on the other VLAN


Can anyone help?

Overall Rating: 5 (1 ratings)
jaffer_sathik2010 Wed, 06/27/2007 - 01:07

I have configured VLANs in my career on a dedicated switch, but not on a switch built into a router.


Unless you have configured inter-VLAN routing on the router, the two VLANs will not ping each other.


Have you configured inter-VLAN routing? (That means, have you created any subinterfaces on the router?)


Or else, can you provide the VLAN part of the router's config?


--Jaffer

Jon Marshall Wed, 06/27/2007 - 09:58

Hi


If you want to stop the 2 vlans talking to each other eg.


vlan 1 = 192.168.1.0 255.255.255.0

vlan 2 = 192.168.2.0 255.255.255.0


! IOS extended ACLs take wildcard masks (0.0.0.255), not subnet masks
ip access-list extended vlan1_in
 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any

interface vlan 1
 ip access-group vlan1_in in

! Mirror of the above for the second VLAN
ip access-list extended vlan2_in
 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 192.168.2.0 0.0.0.255 any

interface vlan 2
 ip access-group vlan2_in in


The above access-lists will block traffic between the 2 vlans but allow each vlan to communicate with any other network.


HTH


Jon
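
A way to check the rule logic in the reply above before applying it, as an added example that is not part of the thread: a small Python model of first-match ACL evaluation with wildcard masks and the implicit deny at the end of the list. The packets and all function names are constructed for illustration; the second list runs the same rules with 255.255.255.0 typed in the wildcard position to show how differently they match.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def matches(addr, base, wildcard):
    # Wildcard mask semantics: 0 bits must match, 1 bits are ignored.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

ANY = ("0.0.0.0", "255.255.255.255")  # how "any" expands

def make_acl(own, other, mask):
    """Two rules in the order given in the reply: (action, src, dst)."""
    return [("deny", (own, mask), (other, mask)),
            ("permit", (own, mask), ANY)]

def evaluate(acl, src, dst):
    # First matching rule wins; anything unmatched hits the implicit deny.
    for action, (s, sm), (d, dm) in acl:
        if matches(src, s, sm) and matches(dst, d, dm):
            return action
    return "deny"

VLAN1_IN = make_acl("192.168.1.0", "192.168.2.0", "0.0.0.255")
# Same rules, but with the subnet mask where a wildcard mask is expected.
VLAN1_IN_SUBNET_MASK = make_acl("192.168.1.0", "192.168.2.0", "255.255.255.0")

# Constructed test packets arriving inbound on the VLAN 1 interface.
PACKETS = [
    ("192.168.1.10", "192.168.2.20"),   # host in VLAN 1 to host in VLAN 2
    ("192.168.1.10", "198.51.100.7"),   # host in VLAN 1 to another network
    ("0.0.0.0", "255.255.255.255"),     # e.g. a DHCP client with no lease yet
    ("10.9.8.0", "198.51.100.7"),       # source outside the VLAN 1 subnet
]

def report(acl):
    return [evaluate(acl, src, dst) for src, dst in PACKETS]

if __name__ == "__main__":
    for name, acl in (("wildcard 0.0.0.255", VLAN1_IN),
                      ("mask 255.255.255.0", VLAN1_IN_SUBNET_MASK)):
        print(name)
        for (src, dst), verdict in zip(PACKETS, report(acl)):
            print(f"  {src:>15} -> {dst:<15} {verdict}")
```

The third packet is denied by the implicit deny under the wildcard form, so a VLAN whose clients get their addresses through this interface needs an explicit permit for that traffic ahead of it.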


insccisco Wed, 06/27/2007 - 10:52

Jon that is exactly what I was looking for.


You are the greatest



thank you

Jon Marshall Wed, 06/27/2007 - 11:01

Hi


Glad to have helped and appreciate the rating.


Jon
