VLAN ACLs

Unanswered Question
Aug 22nd, 2007

Hi guys,

I have a Cisco 3750G Layer 3 switch on which I have configured 4 VLANs. Now I want VLAN 2, VLAN 3 and VLAN 4 to communicate only with VLAN 5; VLAN 5 should be able to communicate with all, but VLAN 2, VLAN 3 and VLAN 4 should not communicate.

How do I configure this? Please post the configuration.

jwdoherty Wed, 08/22/2007 - 20:25

Sorry, I don't have a specific config example for you, since it's not clear whether you're trying to maintain this separation at L2 or L3.

However, look at "Router ACLs" (L3) or "VLAN ACLs or VLAN maps" (L2) in http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a008081de82.html

Another option that might work for you for L2 is "Private VLANs" where VLANs 2, 3, 4 are in a "Community" unique to each and VLAN 5 is "Promiscuous". See http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a008081df68.html for details.

jwdoherty Thu, 08/23/2007 - 06:43

Then standard ACLs using address blocks. For example, an inbound ACL on VLANs 2..4 SVI that only permits traffic to VLAN5. That alone would be sufficient, but you could also add an outbound ACL, again for VLANs 2..4, that only permits traffic from VLAN5.
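
The L3 approach from the reply above, written out as an added example (not configuration from the thread or from Cisco's guide). The 10.0.N.0/24 subnets, SVI addresses and ACL names are assumptions; the inbound list is an extended ACL because it matches on the destination address.

```cisco
! Constructed addressing (assumption, not from the thread):
!   VLAN 2 = 10.0.2.0/24   VLAN 3 = 10.0.3.0/24
!   VLAN 4 = 10.0.4.0/24   VLAN 5 = 10.0.5.0/24
ip routing
!
! Inbound on SVIs 2-4: only packets destined to VLAN 5 are routed.
! Everything else hits the implicit "deny ip any any" at the end.
ip access-list extended TO-VLAN5-ONLY
 remark VLANs 2-4 may only send to VLAN 5
 permit ip any 10.0.5.0 0.0.0.255
!
! Optional outbound on SVIs 2-4: only packets sourced from VLAN 5
! are delivered into these VLANs.
ip access-list standard FROM-VLAN5-ONLY
 remark VLANs 2-4 may only receive from VLAN 5
 permit 10.0.5.0 0.0.0.255
!
interface Vlan2
 ip address 10.0.2.1 255.255.255.0
 ip access-group TO-VLAN5-ONLY in
 ip access-group FROM-VLAN5-ONLY out
!
interface Vlan3
 ip address 10.0.3.1 255.255.255.0
 ip access-group TO-VLAN5-ONLY in
 ip access-group FROM-VLAN5-ONLY out
!
interface Vlan4
 ip address 10.0.4.1 255.255.255.0
 ip access-group TO-VLAN5-ONLY in
 ip access-group FROM-VLAN5-ONLY out
!
! VLAN 5 carries no ACL, so it can reach every other VLAN.
interface Vlan5
 ip address 10.0.5.1 255.255.255.0
```

These router ACLs only filter traffic routed between SVIs; hosts inside the same VLAN still reach each other at Layer 2. `show access-lists` displays the per-entry match counters for checking that the permits are being hit.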
