VLAN ACL's

mathurmahesh · ‎08-22-2007

Hi guys,

I have cisco 3750G layer 3 Switch in which i have configured 4 vlans .Now i want only VLAN 2,Vlan 3,Vlan 4 to only communicate

with VLAN 5 and VLAN 5 should be only able to communicate to all but VLAN 2,VLAN 3,VLAN 4 should not communicate.

How do i configure this? plzs post the configuration.

jwdoherty · ‎08-22-2007

Sorry I don't have a specific config example for you, since it's not clear whether your trying to maintain this separation at L2 or L3.

However, look at "Router ACLs" (L3) or "VLAN ACLs or VLAN maps" (L2) in http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a008081de82.html

Another option that might work for you for L2 is "Private VLANs" where VLANs 2, 3, 4 are in a "Community" unique to each and VLAN 5 is "Promiscuous". See http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a008081df68.html for details.

mathurmahesh · ‎08-23-2007

at L3

jwdoherty · ‎08-23-2007

Then standard ACLs using address blocks. For example, an inbound ACL on VLANs 2..4 SVI that only permits traffic to VLAN5. That alone would be sufficient, but you could also add an outbound ACL, again for VLANs 2..4, that only permits traffic from VLAN5.