VLAN ACLs

Aug 22nd, 2007

Hi guys,

I have a Cisco 3750G Layer 3 switch on which I have configured 4 VLANs. Now I want VLAN 2, VLAN 3 and VLAN 4 to communicate only with VLAN 5, and VLAN 5 should be able to communicate with all, but VLAN 2, VLAN 3 and VLAN 4 should not communicate.

How do I configure this? Please post the configuration.

jwdoherty Wed, 08/22/2007 - 20:25

Sorry, I don't have a specific config example for you, since it's not clear whether you're trying to maintain this separation at L2 or L3.


However, look at "Router ACLs" (L3) or "VLAN ACLs or VLAN maps" (L2) in http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a008081de82.html


Another option that might work for you for L2 is "Private VLANs" where VLANs 2, 3, 4 are in a "Community" unique to each and VLAN 5 is "Promiscuous". See http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a008081df68.html for details.

jwdoherty Thu, 08/23/2007 - 06:43

Then standard ACLs using address blocks. For example, an inbound ACL on VLANs 2..4 SVI that only permits traffic to VLAN5. That alone would be sufficient, but you could also add an outbound ACL, again for VLANs 2..4, that only permits traffic from VLAN5.
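
A sketch of the L3 approach described in the reply above, as an added example that is not part of the original thread. The subnets (10.0.2.0/24 to 10.0.5.0/24 for VLANs 2 to 5) and the ACL names are assumptions; the inbound list is written as an extended ACL because it matches on destination, while the optional outbound list matches on source only and can be a standard ACL.

```cisco
! Assumed addressing (not given in the thread):
!   VLAN 2 = 10.0.2.0/24   VLAN 3 = 10.0.3.0/24
!   VLAN 4 = 10.0.4.0/24   VLAN 5 = 10.0.5.0/24
! ACL names are hypothetical.
!
! Inbound on the VLAN 2..4 SVIs: routed traffic entering from these
! VLANs may only be destined to the VLAN 5 subnet.
ip access-list extended TO-VLAN5-ONLY
 ! Uncomment if hosts in VLANs 2..4 obtain addresses through a DHCP
 ! relay on the SVI; the broadcast would otherwise be dropped.
 ! permit udp any eq bootpc any eq bootps
 permit ip any 10.0.5.0 0.0.0.255
 deny   ip any any
!
! Optional outbound on the same SVIs: routed traffic leaving toward
! VLANs 2..4 must be sourced from VLAN 5 (implicit deny for the rest).
ip access-list standard FROM-VLAN5-ONLY
 permit 10.0.5.0 0.0.0.255
!
interface Vlan2
 ip access-group TO-VLAN5-ONLY in
 ip access-group FROM-VLAN5-ONLY out
!
interface Vlan3
 ip access-group TO-VLAN5-ONLY in
 ip access-group FROM-VLAN5-ONLY out
!
interface Vlan4
 ip access-group TO-VLAN5-ONLY in
 ip access-group FROM-VLAN5-ONLY out
!
! Vlan5 carries no ACL, so it can reach VLANs 2..4 and receive replies.
!
! Verification:
!   show ip access-lists
!   show ip interface Vlan2
```

Router ACLs on SVIs filter only traffic routed between VLANs; hosts inside the same VLAN still reach each other at L2. The inbound list also drops traffic addressed to the SVI's own IP, so pings from VLANs 2..4 to their default gateway will fail unless a permit is added for them.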
